package com.gentics.contentnode.tests.rest;

import com.gentics.contentnode.factory.Transaction;
import com.gentics.contentnode.factory.TransactionException;
import com.gentics.contentnode.factory.TransactionManager;
import com.gentics.contentnode.factory.object.SystemUserFactory;
import com.gentics.contentnode.init.BcryptPasswords;
import com.gentics.contentnode.license.GCNLicenseKeyFeature;
import com.gentics.contentnode.object.SystemUser;
import com.gentics.contentnode.object.UserGroup;
import com.gentics.contentnode.rest.model.request.HashPasswordRequest;
import com.gentics.contentnode.rest.model.request.LoginRequest;
import com.gentics.contentnode.rest.model.request.LoginWithRsaRequest;
import com.gentics.contentnode.rest.model.response.HashPasswordResponse;
import com.gentics.contentnode.rest.model.response.LoginResponse;
import com.gentics.contentnode.rest.model.response.ResponseCode;
import com.gentics.contentnode.rest.resource.impl.AuthenticationResourceImpl;
import com.gentics.contentnode.security.RsaTokenValidator;
import com.gentics.contentnode.testutils.DBTestContext;
import com.gentics.contentnode.testutils.LicenseHelper;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.license.LicenseChecker;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/gentics/contentnode/tests/rest/AuthenticationSandboxTest.class */
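/**
 * Sandbox tests for {@link AuthenticationResourceImpl}.
 *
 * <p>Covered: password login against a bcrypt hash, the legacy {@code leg-} hash format
 * (which must still log in), a bare MD5 hash (which must be rejected), null/empty
 * passwords, RSA token login (valid, tampered, too-far-future and expired tokens) and the
 * password hashing endpoint.
 *
 * <p>Every test works on a fresh dummy user created in {@link #setUp()} whose login is a
 * random base-32 string, so tests do not collide inside the shared DB test context.
 */
public class AuthenticationSandboxTest {

    @ClassRule
    public static DBTestContext testContext = new DBTestContext();
    /** Classpath location of the DER-encoded private key used to sign RSA login tokens. */
    public static final String RSALOGIN_KEY_PRIVATE = "/com/gentics/testutils/resources/rsalogin/private_key.der";
    /** Classpath location of the matching DER-encoded public key installed on the validator. */
    public static final String RSALOGIN_KEY_PUBLIC = "/com/gentics/testutils/resources/rsalogin/public_key.der";
    /** Token lifetime (seconds) used for the RSA "happy path" cases. */
    private static final int ONE_HOUR_SECONDS = 3600;
    /** Token lifetime (seconds) of a non-leap year; the validator rejects tokens expiring this far ahead. */
    private static final int ONE_YEAR_SECONDS = 31536000;
    /** Session ID sent with requests that do not belong to an existing session. */
    private static final String NO_SESSION_ID = "0";
    /** Dummy user created per test; individual tests replace its stored password hash. */
    private SystemUser systemUser = null;
    /** Clear-text password of the dummy user (public and non-final for compatibility with existing users of this class). */
    public String TESTPASSWORD = "monkey";
    /** ID of the user group the dummy user is added to. */
    public int groupId = 5;

    /**
     * Prepares the per-test fixture: runs the bcrypt init job, opens a transaction, creates
     * the dummy user and initializes the license checker from the test license file.
     */
    @Before
    public void setUp() throws Exception {
        // NOTE(review): presumably migrates stored passwords to bcrypt — confirm in BcryptPasswords
        new BcryptPasswords().execute();
        testContext.getContext().startTransaction();
        this.systemUser = createDummyUser(randomToken(), this.TESTPASSWORD);
        LicenseChecker.init(Arrays.asList(GCNLicenseKeyFeature.values()), GCNLicenseKeyFeature.CN,
                new File(LicenseHelper.class.getResource("license.key").toURI()), true, true);
    }

    /** Login with the correct password against a bcrypt hash succeeds. */
    @Test
    public void testLogin() throws Exception {
        setSystemUserPasswordAndTestLogin(SystemUserFactory.hashPassword(this.TESTPASSWORD, 0), this.TESTPASSWORD, ResponseCode.OK);
    }

    /** Login with a wrong password is reported as NOTFOUND (no user/password distinction is leaked). */
    @Test
    public void testLoginWithInvalidPassword() throws Exception {
        setSystemUserPasswordAndTestLogin(SystemUserFactory.hashPassword(this.TESTPASSWORD, 0), "obviouslyWrongPassword", ResponseCode.NOTFOUND);
    }

    /**
     * A legacy hash ("leg-" + bcrypt of the lower-case MD5 of {@code id + password}) must still
     * allow the user to log in with the clear-text password.
     */
    @Test
    public void testLoginWithLegacyPassword() throws Exception {
        String legacyHash = "leg-" + SystemUserFactory.hashPassword(
                StringUtils.md5(this.systemUser.getId() + this.TESTPASSWORD).toLowerCase(), 0);
        this.systemUser.setPassword(legacyHash);
        this.systemUser.save();
        TransactionManager.getCurrentTransaction().commit(false);
        testLogin(this.systemUser.getLogin(), this.TESTPASSWORD, ResponseCode.OK, "");
    }

    /** A bare (un-wrapped) MD5 hash stored as password must NOT be accepted for login. */
    @Test
    public void testLoginWithOldMd5Password() throws Exception {
        this.systemUser.setPassword(StringUtils.md5(this.systemUser.getId() + this.TESTPASSWORD).toLowerCase());
        this.systemUser.save();
        TransactionManager.getCurrentTransaction().commit(false);
        testLogin(this.systemUser.getLogin(), this.TESTPASSWORD, ResponseCode.NOTFOUND, "");
    }

    /**
     * RSA token login: a correctly signed token is accepted; a signature over a different salt,
     * an expiration one year ahead and an already expired token are all rejected. Finally the
     * same token is accepted as the password of a regular login ({@code rsa-<sig>|<salt>|<exp>}).
     */
    @Test
    public void testLoginWithRsaToken() throws Exception {
        AuthenticationResourceImpl authenticationResource = getAuthenticationResource();
        RsaTokenValidator rsaTokenValidator = authenticationResource.getRsaTokenValidator();

        // Both key streams are closed after loading; the original left them open.
        PrivateKey privateKey;
        try (InputStream privateKeyStream = openClasspathResource(RSALOGIN_KEY_PRIVATE, "Private key")) {
            privateKey = rsaTokenValidator.loadPrivateKey(privateKeyStream);
        }
        try (InputStream publicKeyStream = openClasspathResource(RSALOGIN_KEY_PUBLIC, "Public key")) {
            rsaTokenValidator.setPublicKey(rsaTokenValidator.loadPublicKey(publicKeyStream));
        }

        String salt = randomToken();
        // The request API takes the expiration as an int of epoch seconds.
        int nowSeconds = (int) (System.currentTimeMillis() / 1000);
        int validExpiration = nowSeconds + ONE_HOUR_SECONDS;

        LoginWithRsaRequest request = new LoginWithRsaRequest();
        request.setUsername("system");
        request.setSalt(salt);
        request.setExpirationTimestamp(validExpiration);
        request.setRsaSignature(RsaTokenValidator.generateSignature(privateKey, salt, validExpiration));
        Assert.assertEquals("Login response code has to be OK", ResponseCode.OK,
                loginWithRsa(authenticationResource, request));

        // Signature computed over a salt that differs from the one sent: must be rejected.
        request.setRsaSignature(RsaTokenValidator.generateSignature(privateKey, "nonesense", validExpiration));
        Assert.assertEquals("Login response code has to be NOTFOUND", ResponseCode.NOTFOUND,
                loginWithRsa(authenticationResource, request));

        // Correctly signed, but the expiration lies a year ahead: must be rejected.
        int farFutureExpiration = nowSeconds + ONE_YEAR_SECONDS;
        request.setExpirationTimestamp(farFutureExpiration);
        request.setRsaSignature(RsaTokenValidator.generateSignature(privateKey, salt, farFutureExpiration));
        Assert.assertEquals("Login with invalid timestamp response code has to be NOTFOUND", ResponseCode.NOTFOUND,
                loginWithRsa(authenticationResource, request));

        // Correctly signed, but already expired: must be rejected.
        int expiredExpiration = nowSeconds - 1000;
        request.setExpirationTimestamp(expiredExpiration);
        request.setRsaSignature(RsaTokenValidator.generateSignature(privateKey, salt, expiredExpiration));
        Assert.assertEquals("Login with expired timestamp response code has to be NOTFOUND", ResponseCode.NOTFOUND,
                loginWithRsa(authenticationResource, request));

        // The token can also be sent as the password of an ordinary login request.
        String tokenPassword = "rsa-" + RsaTokenValidator.generateSignature(privateKey, salt, validExpiration)
                + "|" + salt + "|" + validExpiration;
        LoginRequest loginRequest = new LoginRequest();
        loginRequest.setLogin("system");
        loginRequest.setPassword(tokenPassword);
        Assert.assertEquals("Login with RSA token password has to be OK", ResponseCode.OK,
                authenticationResource.login(loginRequest, NO_SESSION_ID).getResponseInfo().getResponseCode());
    }

    /** A null password is rejected with NOTFOUND rather than causing an error. */
    @Test
    public void testLoginWithNullPassword() throws Exception {
        setSystemUserPasswordAndTestLogin(SystemUserFactory.hashPassword(this.TESTPASSWORD, 0), null, ResponseCode.NOTFOUND);
    }

    /** An empty password is rejected with NOTFOUND. */
    @Test
    public void testLoginWithEmptyPassword() throws Exception {
        setSystemUserPasswordAndTestLogin(SystemUserFactory.hashPassword(this.TESTPASSWORD, 0), "", ResponseCode.NOTFOUND);
    }

    /**
     * The hash endpoint returns OK and a 60-character hash starting with "$" (the shape of a
     * bcrypt modular-crypt string).
     */
    @Test
    public void testHashPassword() throws Exception {
        AuthenticationResourceImpl authenticationResource = getAuthenticationResource();
        HashPasswordRequest hashPasswordRequest = new HashPasswordRequest();
        hashPasswordRequest.setPassword(this.TESTPASSWORD);
        HashPasswordResponse response = authenticationResource.hashPassword((HttpServletRequest) null, hashPasswordRequest, 0);
        Assert.assertEquals("Response code has to be OK", ResponseCode.OK, response.getResponseInfo().getResponseCode());
        String hash = response.getHash();
        Assert.assertTrue("Hash has to start with $", hash.startsWith("$"));
        Assert.assertEquals("Hash has to be exactly 60 characters long", 60, hash.length());
    }

    /**
     * Creates, saves and commits an active dummy user in group {@link #groupId}.
     *
     * @param login login name of the new user
     * @param password value stored as the user's password (clear text here; tests overwrite it with hashes)
     * @return the saved user
     * @throws Exception on any transaction or persistence error
     */
    protected SystemUser createDummyUser(String login, String password) throws Exception {
        Transaction transaction = TransactionManager.getCurrentTransaction();
        SystemUser user = transaction.createObject(SystemUser.class);
        user.setLogin(login);
        user.setFirstname("Max");
        user.setLastname("Mustermann");
        user.setEmail("test@localhost");
        user.setActive(true);
        user.setPassword(password);
        user.getUserGroups().add(transaction.getObject(UserGroup.class, Integer.valueOf(this.groupId)));
        user.save();
        transaction.commit(false);
        return user;
    }

    /**
     * Stores {@code passwordHash} on the dummy user, then performs the login twice: once without
     * a session and once with the (shortened) session ID returned by the first login.
     *
     * @param passwordHash hash to persist as the user's password
     * @param loginPassword password sent in the login request (may be null)
     * @param expected response code both logins must return
     */
    protected void setSystemUserPasswordAndTestLogin(String passwordHash, String loginPassword, ResponseCode expected) throws Exception {
        this.systemUser.setPassword(passwordHash);
        this.systemUser.save();
        TransactionManager.getCurrentTransaction().commit(false);
        String sid = testLogin(this.systemUser.getLogin(), loginPassword, expected, "");
        // NOTE(review): the last 15 characters of the returned session ID are dropped before
        // re-using it — presumably a secret suffix not part of the ID proper; confirm against
        // the session ID format before relying on this.
        if (sid.length() > 15) {
            sid = sid.substring(0, sid.length() - 15);
        }
        testLogin(this.systemUser.getLogin(), loginPassword, expected, sid);
    }

    /**
     * Performs a login and asserts the response code.
     *
     * @param login login name
     * @param password password sent with the request (may be null)
     * @param expected response code the login must return
     * @param sid session ID to send with the request
     * @return the session ID of the new session, or "0" when {@code expected} is not OK
     */
    protected String testLogin(String login, String password, ResponseCode expected, String sid) throws TransactionException {
        AuthenticationResourceImpl authenticationResource = getAuthenticationResource();
        LoginRequest loginRequest = new LoginRequest();
        loginRequest.setLogin(login);
        loginRequest.setPassword(password);
        LoginResponse response = authenticationResource.login(loginRequest, sid);
        Assert.assertEquals("Login response code has to match expected value", expected, response.getResponseInfo().getResponseCode());
        return expected != ResponseCode.OK ? "0" : response.getSid();
    }

    /** Creates a resource bound to the current transaction, as the REST layer would. */
    protected AuthenticationResourceImpl getAuthenticationResource() throws TransactionException {
        AuthenticationResourceImpl resource = new AuthenticationResourceImpl();
        resource.setTransaction(TransactionManager.getCurrentTransaction());
        resource.initialize();
        return resource;
    }

    /** Performs an RSA login without an existing session and returns only the response code. */
    private static ResponseCode loginWithRsa(AuthenticationResourceImpl resource, LoginWithRsaRequest request) throws Exception {
        return resource.loginWithRsa(request, NO_SESSION_ID).getResponseInfo().getResponseCode();
    }

    /** Random 130-bit value rendered in base 32; used for logins and RSA salts. */
    private static String randomToken() {
        return new BigInteger(130, new SecureRandom()).toString(32);
    }

    /**
     * Opens a classpath resource, failing with an explicit message instead of a later NPE.
     *
     * @param path absolute classpath path
     * @param description label used in the error message (e.g. "Private key")
     * @return the open stream; the caller closes it
     * @throws FileNotFoundException if the resource is not on the classpath
     */
    private static InputStream openClasspathResource(String path, String description) throws FileNotFoundException {
        InputStream in = AuthenticationSandboxTest.class.getResourceAsStream(path);
        if (in == null) {
            throw new FileNotFoundException(description + " {" + path + "} not found within classpath.");
        }
        return in;
    }
}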
