package ml.alternet.test.security.web;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import javax.xml.bind.DatatypeConverter;
import ml.alternet.security.Password;
import ml.alternet.security.PasswordManagerFactory;
import ml.alternet.security.web.server.BasicAuthorizationBuffer;
import org.assertj.core.api.Assertions;
import org.testng.annotations.Test;

/* loaded from: input_file:ml/alternet/test/security/web/BasicAuthBufferTest.class */
public class BasicAuthBufferTest {
    String unsafePwd = "da_AcTu@| P@zzm0R|)";
    String cred = "john:" + this.unsafePwd;
    String b64Cred = DatatypeConverter.printBase64Binary(this.cred.getBytes());
    String basic = "Basic " + this.b64Cred;
    String auth = "Authorization: " + this.basic;
    String firsHttpHeaders = "Host: localhost:8675\r\nConnection: keep-alive\r\nCache-Control: max-age=0\r\n";
    String lastHttpHeaders = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36\r\nAccept-Encoding: gzip, deflate, sdch\r\nAccept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4";
    String httpHeaders = this.firsHttpHeaders + this.auth + "\r\n" + this.lastHttpHeaders;

    @Test
    public void password_ShouldBe_extractedFromHttpHeaders() {
        check(createBuffer(this.httpHeaders, BasicAuthorizationBuffer.Scope.Headers));
    }

    @Test
    public void password_ShouldBe_extractedFromHttpHeadersEndingWithCRLF() {
        check(createBuffer(this.httpHeaders + "\r\n", BasicAuthorizationBuffer.Scope.Headers));
    }

    @Test
    public void password_ShouldBe_extractedFromSingleHttpHeader() {
        check(createBuffer(this.auth, BasicAuthorizationBuffer.Scope.AuthorizationHeader));
    }

    @Test
    public void password_ShouldBe_extractedFromBasicCredential() {
        check(createBuffer(this.basic, BasicAuthorizationBuffer.Scope.AuthorizationHeaderValue));
    }

    @Test
    public void credentials_ShouldNotBe_foundInOtherHttpHeader() {
        Assertions.assertThat(createBuffer("Cache-Control: max-age=0", BasicAuthorizationBuffer.Scope.AuthorizationHeader).findCredentialsBoundaries()).isFalse();
    }

    @Test
    public void credentials_ShouldNotBe_foundInHttpHeadersWithoutAuthorizationHeader() {
        Assertions.assertThat(createBuffer(this.firsHttpHeaders + this.lastHttpHeaders, BasicAuthorizationBuffer.Scope.Headers).findCredentialsBoundaries()).isFalse();
    }

    @Test
    public void credentials_ShouldBe_unreachable() {
        Assertions.assertThat(createBuffer(this.firsHttpHeaders + "\r\n" + this.auth + "\r\n" + this.lastHttpHeaders, BasicAuthorizationBuffer.Scope.Headers).findCredentialsBoundaries()).isFalse();
    }

    public BasicAuthorizationBuffer createBuffer(String str, BasicAuthorizationBuffer.Scope scope) {
        final ByteBuffer wrap = ByteBuffer.wrap(str.getBytes(Charset.forName("ISO-8859-1")));
        return new BasicAuthorizationBuffer(scope, wrap.position(), wrap.limit()) { // from class: ml.alternet.test.security.web.BasicAuthBufferTest.1
            public void set(int i, byte b) {
                wrap.put(i, b);
            }

            public byte get(int i) {
                return wrap.get(i);
            }

            public void debug(String str2) {
            }
        };
    }

    public void check(BasicAuthorizationBuffer basicAuthorizationBuffer) {
        Assertions.assertThat(basicAuthorizationBuffer.findCredentialsBoundaries()).isTrue();
        Password.Clear clearCopy = basicAuthorizationBuffer.replace(PasswordManagerFactory.getStrongPasswordManager()).getPassword().getClearCopy();
        Throwable th = null;
        try {
            try {
                Assertions.assertThat(clearCopy.get()).isEqualTo(this.unsafePwd.toCharArray());
                if (clearCopy != null) {
                    if (0 != 0) {
                        try {
                            clearCopy.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        clearCopy.close();
                    }
                }
                clearCopy = basicAuthorizationBuffer.replace(PasswordManagerFactory.getStrongPasswordManager()).getPassword().getClearCopy();
                Throwable th3 = null;
                try {
                    try {
                        char[] cArr = clearCopy.get();
                        Assertions.assertThat(cArr.length).isEqualTo(this.unsafePwd.length());
                        Assertions.assertThat(cArr).containsOnly(new char[]{'*'});
                        if (clearCopy != null) {
                            if (0 == 0) {
                                clearCopy.close();
                                return;
                            }
                            try {
                                clearCopy.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        }
                    } catch (Throwable th5) {
                        th3 = th5;
                        throw th5;
                    }
                } finally {
                }
            } catch (Throwable th6) {
                th = th6;
                throw th6;
            }
        } finally {
        }
    }
}
