package org.alfresco.repo.security.authentication;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.alfresco.util.Pair;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/alfresco/repo/security/authentication/PasswordHashingTest.class */
public class PasswordHashingTest {
    UpgradePasswordHashWorker passwordHashWorker;
    CompositePasswordEncoder cpe;

    @Before
    public void setUp() throws Exception {
        this.cpe = new CompositePasswordEncoder();
        this.cpe.setEncoders(CompositePasswordEncoderTest.encodersConfig);
        this.passwordHashWorker = new UpgradePasswordHashWorker();
        this.passwordHashWorker.setCompositePasswordEncoder(this.cpe);
    }

    @Test
    public void testRehashedPassword() throws Exception {
        this.cpe.setPreferredEncoding("md4");
        String generate = GUID.generate();
        String encode = this.cpe.encode("md4", "HASHED_MY_PASSWORD", (Object) null);
        String encode2 = this.cpe.encode("sha256", "HASHED_MY_PASSWORD", generate);
        HashMap hashMap = new HashMap();
        hashMap.put(ContentModel.PROP_PASSWORD, "nonsense");
        Assert.assertFalse("Should be empty", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertTrue(this.passwordHashWorker.processPasswordHash(hashMap));
        Assert.assertEquals(CompositePasswordEncoder.MD4, hashMap.get(ContentModel.PROP_HASH_INDICATOR));
        Assert.assertTrue("Should now contain the password", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD_SHA256));
        Assert.assertEquals("nonsense", hashMap.get(ContentModel.PROP_PASSWORD_HASH));
        hashMap.clear();
        hashMap.put(ContentModel.PROP_PASSWORD, "PLAIN TEXT PASSWORD");
        Assert.assertTrue(this.passwordHashWorker.processPasswordHash(hashMap));
        Assert.assertEquals(CompositePasswordEncoder.MD4, hashMap.get(ContentModel.PROP_HASH_INDICATOR));
        Assert.assertTrue("Should now contain the password", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD_SHA256));
        Assert.assertEquals("PLAIN TEXT PASSWORD", hashMap.get(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertFalse("We copied a plain text password to the new property but the legacy encoding is set to MD4 so the password would NEVER match.", matches("PLAIN TEXT PASSWORD", hashMap, this.cpe));
        hashMap.clear();
        hashMap.put(ContentModel.PROP_PASSWORD, encode);
        this.cpe.setPreferredEncoding("bcrypt10");
        Assert.assertTrue("We have the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertFalse("Should be empty", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertTrue(this.passwordHashWorker.processPasswordHash(hashMap));
        Assert.assertEquals(Arrays.asList("md4", "bcrypt10"), hashMap.get(ContentModel.PROP_HASH_INDICATOR));
        Assert.assertTrue("Should now contain the password", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertTrue(matches("HASHED_MY_PASSWORD", hashMap, this.cpe));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD_SHA256));
        hashMap.clear();
        hashMap.put(ContentModel.PROP_PASSWORD, "This should be ignored");
        hashMap.put(ContentModel.PROP_PASSWORD_SHA256, encode2);
        hashMap.put(ContentModel.PROP_SALT, generate);
        Assert.assertTrue("We have the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertTrue("We have the property", hashMap.containsKey(ContentModel.PROP_PASSWORD_SHA256));
        Assert.assertFalse("Should be empty", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertTrue(this.passwordHashWorker.processPasswordHash(hashMap));
        Assert.assertEquals(Arrays.asList("sha256", "bcrypt10"), hashMap.get(ContentModel.PROP_HASH_INDICATOR));
        Assert.assertTrue("Should now contain the password", hashMap.containsKey(ContentModel.PROP_PASSWORD_HASH));
        Assert.assertTrue(matches("HASHED_MY_PASSWORD", hashMap, this.cpe));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD));
        Assert.assertFalse("Should remove the property", hashMap.containsKey(ContentModel.PROP_PASSWORD_SHA256));
    }

    @Test
    public void testRehashedPasswordBcrypt() throws Exception {
        this.cpe.setPreferredEncoding("md4");
        HashMap hashMap = new HashMap();
        hashMap.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList("md4"));
        hashMap.put(ContentModel.PROP_PASSWORD_HASH, "long hash");
        Assert.assertFalse(this.passwordHashWorker.processPasswordHash(hashMap));
        this.cpe.setPreferredEncoding("bcrypt11");
        Assert.assertTrue(this.passwordHashWorker.processPasswordHash(hashMap));
        Assert.assertEquals(Arrays.asList("md4", "bcrypt11"), RepositoryAuthenticationDao.determinePasswordHash(hashMap).getFirst());
    }

    @Test
    public void testGetPasswordHash() throws Exception {
        HashMap hashMap = new HashMap();
        this.cpe.setPreferredEncoding("bcrypt10");
        try {
            RepositoryAuthenticationDao.determinePasswordHash(hashMap);
            Assert.fail("Should throw exception");
        } catch (AlfrescoRuntimeException e) {
            Assert.assertTrue(e.getMessage().contains("Unable to find a password for user"));
        }
        hashMap.put(ContentModel.PROP_PASSWORD, "mypassword");
        Pair determinePasswordHash = RepositoryAuthenticationDao.determinePasswordHash(hashMap);
        Assert.assertEquals(CompositePasswordEncoder.MD4, determinePasswordHash.getFirst());
        Assert.assertEquals("mypassword", determinePasswordHash.getSecond());
        hashMap.put(ContentModel.PROP_PASSWORD_SHA256, "sha_password");
        Pair determinePasswordHash2 = RepositoryAuthenticationDao.determinePasswordHash(hashMap);
        Assert.assertEquals(CompositePasswordEncoder.SHA256, determinePasswordHash2.getFirst());
        Assert.assertEquals("sha_password", determinePasswordHash2.getSecond());
        hashMap.put(ContentModel.PROP_HASH_INDICATOR, null);
        Pair determinePasswordHash3 = RepositoryAuthenticationDao.determinePasswordHash(hashMap);
        Assert.assertEquals(CompositePasswordEncoder.SHA256, determinePasswordHash3.getFirst());
        Assert.assertEquals("sha_password", determinePasswordHash3.getSecond());
        hashMap.put(ContentModel.PROP_HASH_INDICATOR, new ArrayList(0));
        Pair determinePasswordHash4 = RepositoryAuthenticationDao.determinePasswordHash(hashMap);
        Assert.assertEquals(CompositePasswordEncoder.SHA256, determinePasswordHash4.getFirst());
        Assert.assertEquals("sha_password", determinePasswordHash4.getSecond());
        hashMap.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList("myencoding"));
        hashMap.put(ContentModel.PROP_PASSWORD_HASH, "hashed this time");
        Pair determinePasswordHash5 = RepositoryAuthenticationDao.determinePasswordHash(hashMap);
        Assert.assertEquals(Arrays.asList("myencoding"), determinePasswordHash5.getFirst());
        Assert.assertEquals("hashed this time", determinePasswordHash5.getSecond());
    }

    private static boolean matches(String str, Map<QName, Serializable> map, CompositePasswordEncoder compositePasswordEncoder) {
        return compositePasswordEncoder.matchesPassword(str, (String) map.get(ContentModel.PROP_PASSWORD_HASH), (String) map.get(ContentModel.PROP_SALT), (List) map.get(ContentModel.PROP_HASH_INDICATOR));
    }
}
