/*
 * Copyright (c) 2011, Isode Limited, London, England.
 * All rights reserved.
 */
/*
 * Copyright (c) 2010, Remko Tron?on.
 * All rights reserved.
 */
package com.isode.stroke.sasl;

import com.isode.stroke.base.ByteArray;
import com.isode.stroke.base.SafeByteArray;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;
import com.isode.stroke.idn.IDNConverter;
import com.isode.stroke.idn.ICUConverter;
import com.isode.stroke.crypto.CryptoProvider;
import com.isode.stroke.crypto.JavaCryptoProvider;

/**
 *
 * @author Kev
 */
public class SCRAMSHA1ClientAuthenticatorTest {

    private IDNConverter idnConverter;
    private CryptoProvider crypto;

    @Before
    public void setUp() {
        idnConverter = new ICUConverter();
        crypto = new JavaCryptoProvider();
    }

    @Test
    public void testGetInitialResponse() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("n,,n=user,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetInitialResponse_UsernameHasSpecialChars() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", false, idnConverter, crypto);
        testling.setCredentials(",us=,er=", new SafeByteArray("pass"), "");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("n,,n==2Cus=3D=2Cer=3D,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetInitialResponse_WithAuthorizationID() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "auth");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("n,a=auth,n=user,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetInitialResponse_WithAuthorizationIDWithSpecialChars() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "a=u,th");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("n,a=a=3Du=2Cth,n=user,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetInitialResponse_WithoutChannelBindingWithTLSChannelBindingData() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", false, idnConverter, crypto);
        testling.setTLSChannelBindingData(new ByteArray("xyza"));
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("y,,n=user,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetInitialResponse_WithChannelBindingWithTLSChannelBindingData() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefghABCDEFGH", true, idnConverter, crypto);
        testling.setTLSChannelBindingData(new ByteArray("xyza"));
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("p=tls-unique,,n=user,r=abcdefghABCDEFGH"), response);
    }

    @Test
    public void testGetFinalResponse() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        assertTrue(testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096")));

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("c=biws,r=abcdefghABCDEFGH,p=CZbjGDpIteIJwQNBgO0P8pKkMGY="), response);
    }

    @Test
    public void testGetFinalResponse_WithoutChannelBindingWithTLSChannelBindingData() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        testling.setTLSChannelBindingData(new ByteArray("xyza"));
        testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("c=eSws,r=abcdefghABCDEFGH,p=JNpsiFEcxZvNZ1+FFBBqrYvYxMk="), response);
    }

    @Test
    public void testGetFinalResponse_WithChannelBindingWithTLSChannelBindingData() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", true, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        testling.setTLSChannelBindingData(new ByteArray("xyza"));
        testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));

        SafeByteArray response = testling.getResponse();

        assertEquals(new SafeByteArray("c=cD10bHMtdW5pcXVlLCx4eXph,r=abcdefghABCDEFGH,p=i6Rghite81P1ype8XxaVAa5l7v0="), response);
    }

    @Test
    public void testSetFinalChallenge() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));

        boolean result = testling.setChallenge(new ByteArray("v=Dd+Q20knZs9jeeK0pi1Mx1Se+yo="));

        assertTrue(result);
    }

    @Test
    public void testSetChallenge() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));

        assertTrue(result);
    }

    @Test
    public void testSetChallenge_InvalidClientNonce() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefgiABCDEFGH,s=MTIzNDU2NzgK,i=4096"));

        assertTrue(!result);
    }

    @Test
    public void testSetChallenge_OnlyClientNonce() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefgh,s=MTIzNDU2NzgK,i=4096"));

        assertTrue(!result);
    }

    @Test
    public void testSetChallenge_InvalidIterations() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=bla"));

        assertTrue(!result);
    }

    @Test
    public void testSetChallenge_MissingIterations() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK"));

        assertTrue(!result);
    }

    @Test
    public void testSetChallenge_ZeroIterations() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=0"));

        assertTrue(!result);
    }

    @Test
    public void testSetChallenge_NegativeIterations() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");

        boolean result = testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=-1"));

        assertTrue(!result);
    }

    @Test
    public void testSetFinalChallenge_InvalidChallenge() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));
        boolean result = testling.setChallenge(new ByteArray("v=e26kI69ICb6zosapLLxrER/631A="));

        assertTrue(!result);
    }

    @Test
    public void testGetResponseAfterFinalChallenge() {
        SCRAMSHA1ClientAuthenticator testling = new SCRAMSHA1ClientAuthenticator("abcdefgh", false, idnConverter, crypto);
        testling.setCredentials("user", new SafeByteArray("pass"), "");
        testling.setChallenge(new ByteArray("r=abcdefghABCDEFGH,s=MTIzNDU2NzgK,i=4096"));
        testling.setChallenge(new ByteArray("v=Dd+Q20knZs9jeeK0pi1Mx1Se+yo="));

        assertTrue(testling.getResponse() == null);
    }
}