package com.ibm.ws.security.registry.basic.fat;

import com.ibm.websphere.simplicity.RemoteFile;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.registry.test.UserRegistryServletConnection;
import componenttest.topology.impl.LibertyServer;
import componenttest.topology.impl.LibertyServerFactory;
import componenttest.vulnerability.LeakedPasswordChecker;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:com/ibm/ws/security/registry/basic/fat/FATTest.class */
public class FATTest {
    private static final String ALTERNATE_BASIC_REGISTRY_CONFIG = "alternateBasicRegistry.xml";
    private static final String DEFAULT_AES_CONFIG_FILE = "defaultAESBasicRegistry.xml";
    private static final String CUSTOM_AES_CONFIG_FILE = "customAESBasicRegistry.xml";
    private static final String DEFAULT_HASH_CONFIG_FILE = "defaultHashBasicRegistry.xml";
    private static UserRegistryServletConnection servlet;
    private final LeakedPasswordChecker passwordChecker = new LeakedPasswordChecker(server);
    private static final String DEFAULT_CONFIG_FILE = "basic.server.xml.orig";
    private static String serverConfigurationFile = DEFAULT_CONFIG_FILE;
    private static LibertyServer server = LibertyServerFactory.getLibertyServer("com.ibm.ws.security.registry.basic.fat");
    private static final Class<?> c = FATTest.class;

    @BeforeClass
    public static void setUp() throws Exception {
        server.copyFileToLibertyInstallRoot("lib/features", "basicRegistryInternals-1.0.mf");
        Log.info(c, "setUp", "Starting the server... (will wait for userRegistry servlet to start)");
        server.addInstalledAppForValidation("userRegistry");
        server.startServer(c.getName() + ".log");
        Assert.assertNotNull("Security service did not report it was ready", server.waitForStringInLog("CWWKS0008I"));
        Assert.assertNotNull("The application did not report is was started", server.waitForStringInLog("CWWKZ0001I"));
        Log.info(c, "setUp", "Creating servlet connection the server");
        servlet = new UserRegistryServletConnection(server.getHostname(), server.getHttpDefaultPort());
    }

    @AfterClass
    public static void tearDown() throws Exception {
        Log.info(c, "tearDown", "Stopping the server...");
        server.stopServer(new String[0]);
    }

    @Test
    public void getRealm() throws Exception {
        Log.info(c, "getRealm", "Checking expected realm");
        setServerConfiguration(server, DEFAULT_CONFIG_FILE);
        Assert.assertEquals("SampleBasicRealm", servlet.getRealm());
    }

    @Test
    public void checkPasswordWithGoodCredentials() throws Exception {
        Log.info(c, "checkPasswordWithGoodCredentials", "Checking good credentials");
        setServerConfiguration(server, DEFAULT_CONFIG_FILE);
        Assert.assertEquals("Authentication should succeed.", "admin", servlet.checkPassword("admin", "password123"));
        this.passwordChecker.checkForPasswordInAnyFormat("password123");
    }

    @Test
    public void checkPasswordWithBadCredentials() throws Exception {
        Log.info(c, "checkPasswordWithBadCredentials", "Checking bad credentials");
        setServerConfiguration(server, DEFAULT_CONFIG_FILE);
        Assert.assertNull("Authentication should not succeed.", servlet.checkPassword("admin", "badPassword"));
        this.passwordChecker.checkForPasswordInAnyFormat("badPassword");
    }

    @Test
    public void checkPasswordEncodedUsingAES() throws Exception {
        Log.info(c, "checkPasswordEncodedUsingAES", "Checking aes encoded credentials");
        setServerConfiguration(server, DEFAULT_AES_CONFIG_FILE);
        Assert.assertEquals("Authentication should succeed.", "defaultUser", servlet.checkPassword("defaultUser", "alternatepwd"));
        this.passwordChecker.checkForPasswordInAnyFormat("alternatepwd");
        setServerConfiguration(server, CUSTOM_AES_CONFIG_FILE);
        Assert.assertEquals("Authentication should succeed.", "customUser", servlet.checkPassword("customUser", "alternatepwd"));
        this.passwordChecker.checkForPasswordInAnyFormat("alternatepwd");
    }

    @Test
    public void checkPasswordEncodedUsingHashDefault() throws Exception {
        Log.info(c, "checkPasswordEncodedUsingHash", "Checking hash encoded credentials");
        setServerConfiguration(server, DEFAULT_HASH_CONFIG_FILE);
        Assert.assertEquals("Authentication should succeed.", "hashedUser", servlet.checkPassword("hashedUser", "pa$$w0rd"));
        this.passwordChecker.checkForPasswordInAnyFormat("pa$$w0rd");
        Assert.assertNull("Authentication should fail.", servlet.checkPassword("hashedUser", "pa@@w0rd"));
        this.passwordChecker.checkForPasswordInAnyFormat("pa@@w0rd");
    }

    @Test
    public void checkPasswordEncodedUsingHashCustom() throws Exception {
        Log.info(c, "checkPasswordEncodedUsingHash", "Checking hash encoded credentials");
        setServerConfiguration(server, DEFAULT_HASH_CONFIG_FILE);
        Assert.assertEquals("Authentication should succeed.", "customHashedUser", servlet.checkPassword("customHashedUser", "WebAS"));
        this.passwordChecker.checkForPasswordInAnyFormat("WebAS");
        Assert.assertNull("Authentication should fail.", servlet.checkPassword("customHashedUser", "WebA$"));
        this.passwordChecker.checkForPasswordInAnyFormat("WebA$");
    }

    @Test
    public void dynamicallyChangeBasicRegistryConfiguration() throws Exception {
        Log.info(c, "checkPasswordWithBadCredentials", "Checking bad credentials");
        setServerConfiguration(server, ALTERNATE_BASIC_REGISTRY_CONFIG);
        Assert.assertEquals("Should get the new realm name", "AlternateRealm", servlet.getRealm());
        Assert.assertNull("Authentication should not succeed for old user.", servlet.checkPassword("admin", "password123"));
        Assert.assertEquals("Authentication should succeed for new user.", "alternateUser", servlet.checkPassword("alternateUser", "alternatepwd"));
    }

    private static void setServerConfiguration(LibertyServer libertyServer, String str) throws Exception {
        if (serverConfigurationFile.equals(str)) {
            return;
        }
        Log.info(c, "setServerConfiguration", "setServerConfigurationFile to : " + str);
        libertyServer.setMarkToEndOfLog(new RemoteFile[0]);
        libertyServer.setServerConfigurationFile(str);
        libertyServer.waitForStringInLog("CWWKG0017I");
        serverConfigurationFile = str;
    }
}
