<?php

namespace PSX\Framework\Tests\Filter;

use PSX\Http\Authentication;
use PSX\Http\Exception\BadRequestException;
use PSX\Http\Exception\UnauthorizedException;
use PSX\Http\Filter\DigestAuthentication;
use PSX\Http\Filter\DigestAuthentication\Digest;
use PSX\Http\Filter\DigestAuthentication\MemoryStore;
use PSX\Http\Filter\DigestAuthentication\StoreInterface;
use PSX\Http\Filter\FilterChain;
use PSX\Http\FilterChainInterface;
use PSX\Http\Request;
use PSX\Http\Response;
use PSX\Http\Tests\Filter\FilterTestCase;
use PSX\Uri\Url;

/**
 * DigestAuthenticationTest
 *
 * @author  Christoph Kappestein <christoph.kappestein@gmail.com>
 * @license http://www.apache.org/licenses/LICENSE-2.0
 * @link    http://phpsx.org
 */
class DigestAuthenticationTest extends FilterTestCase
{
    public function testSuccessful()
    {
        $store  = new MemoryStore();
        $handle = $this->makeHandshake($store);

        $handle->onSuccess(function () {
            // success
        });

        $username = 'test';
        $password = 'test';

        $container = $store->toArray();
        /** @var Digest $digest */
        $digest    = array_shift($container);

        $nonce    = $digest->getNonce();
        $opaque   = $digest->getOpaque();
        $cnonce   = md5(uniqid());
        $nc       = '00000001';
        $ha1      = md5($username . ':psx:' . $password);
        $ha2      = md5('GET:/index.php');
        $response = md5($ha1 . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':auth:' . $ha2);

        $params = array(
            'username' => $username,
            'realm'    => 'psx',
            'nonce'    => $nonce,
            'qop'      => 'auth',
            'nc'       => $nc,
            'cnonce'   => $cnonce,
            'response' => $response,
            'opaque'   => $opaque,
        );

        $request  = new Request(new Url('http://localhost/index.php'), 'GET', array('Authorization' => 'Digest ' . Authentication::encodeParameters($params)));
        $response = new Response();

        $handle->handle($request, $response, $this->getFilterChain(true, $request, $response));
    }

    public function testFailure()
    {
        $this->expectException(BadRequestException::class);

        $store  = new MemoryStore();
        $handle = $this->makeHandshake($store);

        $username = 'test';
        $password = 'bar';

        $container = $store->toArray();
        /** @var Digest $digest */
        $digest    = array_shift($container);

        $nonce    = $digest->getNonce();
        $opaque   = $digest->getOpaque();
        $cnonce   = md5(uniqid());
        $nc       = '00000001';
        $ha1      = md5($username . ':psx:' . $password);
        $ha2      = md5('GET:/index.php');
        $response = md5($ha1 . ':' . $nonce . ':' . $nc . ':' . $cnonce . ':auth:' . $ha2);

        $params = array(
            'username' => $username,
            'realm'    => 'psx',
            'nonce'    => $nonce,
            'qop'      => 'auth',
            'nc'       => $nc,
            'cnonce'   => $cnonce,
            'response' => $response,
            'opaque'   => $opaque,
        );

        $request  = new Request(new Url('http://localhost/index.php'), 'GET', array('Authorization' => 'Digest ' . Authentication::encodeParameters($params)));
        $response = new Response();

        $handle->handle($request, $response, $this->getFilterChain(false));
    }

    public function testMissing()
    {
        $store  = new MemoryStore();
        $handle = new DigestAuthentication(function ($username) {
            return md5($username . ':psx:test');
        }, $store);

        $request  = new Request(new Url('http://localhost/index.php'), 'GET');
        $response = new Response();

        try {
            $handle->handle($request, $response, $this->getFilterChain(false));

            $this->fail('Must throw an Exception');
        } catch (UnauthorizedException $e) {
            $this->assertEquals(401, $e->getStatusCode());
            $this->assertEquals('Digest', $e->getType());

            $params = $e->getParameters();

            $this->assertEquals('auth,auth-int', $params['qop']);
            $this->assertTrue(strlen($params['nonce']) > 8);
            $this->assertTrue(strlen($params['opaque']) > 8);
        }
    }

    public function testMissingWrongType()
    {
        $store  = new MemoryStore();
        $handle = new DigestAuthentication(function ($username) {
            return md5($username . ':psx:test');
        }, $store);

        $request  = new Request(new Url('http://localhost'), 'GET', array('Authorization' => 'Foo'));
        $response = new Response();

        try {
            $handle->handle($request, $response, $this->getFilterChain(false));

            $this->fail('Must throw an Exception');
        } catch (UnauthorizedException $e) {
            $this->assertEquals(401, $e->getStatusCode());
            $this->assertEquals('Digest', $e->getType());

            $params = $e->getParameters();

            $this->assertEquals('auth,auth-int', $params['qop']);
            $this->assertTrue(strlen($params['nonce']) > 8);
            $this->assertTrue(strlen($params['opaque']) > 8);
        }
    }

    protected function makeHandshake(StoreInterface $store)
    {
        // first we make an normal request without authentication then we should
        // get an 401 response with the nonce and opaque then we can make an
        // authentication request
        $handle = new DigestAuthentication(function ($username) {
            return md5($username . ':psx:test');
        }, $store);

        $request  = new Request(new Url('http://localhost/index.php'), 'GET');
        $response = new Response();

        try {
            $handle->handle($request, $response, $this->getFilterChain(false));

            $this->fail('Must throw an Exception');
        } catch (UnauthorizedException $e) {
            $this->assertEquals(401, $e->getStatusCode());
            $this->assertEquals('Digest', $e->getType());

            $params = $e->getParameters();

            $this->assertEquals('auth,auth-int', $params['qop']);
            $this->assertTrue(strlen($params['nonce']) > 8);
            $this->assertTrue(strlen($params['opaque']) > 8);
        }

        return $handle;
    }
}
__halt_compiler();----SIGNATURE:----gKGjvEItLqrQtsKGfIweRV2QFVm/m5ZTmZY69Dd01Z7fm05F9Lk3dxdoL86CSc+fj90htGDqxq6g3rU4iQ7peIWhRqzwi7ubKfDKr0ygB7uQpmyxjuc4Jr322DWrswFlI14q4nPlZCTc9W1GV98JGyOH2NHrP86C1Dp59JrmwY0tqfThKah4HvTm45SjFWAqtGNDnHVVqrHkAPkgBRIprY3trTyfj83AapBPUCw2HyDRfCNKE3C32yoWdoCodvbD3cCt6jAYrc/SQrZ1Ll7uXKU77ANORBi3NUg7DgvduK8SDUpO3KVrkJraxcBkZ17ZoaXJrTHpcZMdqmA5GtEGhY8eMg4mUBPMRS83CaahSzNdjxNS9Sb9gRENQTGik8/v4KSMfCCLMvWmWY0ZBDbYXYiss6RU34xEBD+LAHuTcpf2rxUCUmfec5/O5zmkMq2DRC4Ad5nq7tfNtB20xF7TwyBM/8vkHN1EKF+mRs8PvhPzJUtZ3xRT5TAHOWQPYfi0doptoiCIksfJsWHyXID5Ba1xOxU4uoklK1eQ7gb2uekWFYqZ3O53jDKvVoooQkbxLOIY53eJToAZezu2EGY8DMEbtFy2DetGaHOv2puK4t8TnpeP1bttIDAKGQ4ErxT3bO0Em78XJrgt2Tv6YP007CCFDNouBe7w/TWlqYWA/aI=----ATTACHMENT:----NDc3ODcxNzc2MDM0NjgzMiA4MjMwMDcwMzQ5MDg2MjM2IDQzNzI1MTgzNzgzODYyODM=