package org.geoserver.security.xml;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.TreeSet;
import java.util.logging.Logger;
import org.easymock.classextension.EasyMock;
import org.geoserver.platform.resource.Files;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.auth.UsernamePasswordAuthenticationProvider;
import org.geoserver.security.config.SecurityRoleServiceConfig;
import org.geoserver.security.config.SecurityUserGroupServiceConfig;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.validation.SecurityConfigException;
import org.geoserver.security.validation.SecurityConfigValidatorTest;
import org.geotools.util.logging.Logging;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:org/geoserver/security/xml/XMLSecurityConfigValidatorTest.class */
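/**
 * Tests {@link XMLSecurityConfigValidator} on top of the checks inherited from
 * {@link SecurityConfigValidatorTest}.
 *
 * <p>The XML-specific cases pinned here are: rejection of out-of-range check intervals, the
 * requirement for a non-empty file name, failure when the backing file cannot be created,
 * refusal to remove a role or user/group service that still holds entries, and refusal to
 * change the file name of an existing service.
 *
 * <p>NOTE(review): no case in this class covers a file name containing parent-directory
 * segments; whether the validator rejects those cannot be told from this test and should be
 * confirmed against the validator itself.
 */
public class XMLSecurityConfigValidatorTest extends SecurityConfigValidatorTest {

    /** Scratch directory that the mocked security manager hands out as its configuration root. */
    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();

    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");

    /**
     * Builds an XML user/group service configuration with a check interval of 0.
     *
     * @param str service name
     * @param cls service implementation class; its fully qualified name is stored
     * @param str2 password encoder name
     * @param str3 password policy name
     * @param str4 file name of the backing XML file
     * @return the populated {@link XMLUserGroupServiceConfig}
     */
    protected SecurityUserGroupServiceConfig createUGConfig(String str, Class<?> cls, String str2, String str3, String str4) {
        XMLUserGroupServiceConfig config = new XMLUserGroupServiceConfig();
        config.setName(str);
        config.setClassName(cls.getName());
        config.setPasswordEncoderName(str2);
        config.setPasswordPolicyName(str3);
        config.setCheckInterval(0L);
        config.setFileName(str4);
        return config;
    }

    /**
     * Builds an XML role service configuration with a check interval of 0.
     *
     * @param str service name
     * @param cls service implementation class; its fully qualified name is stored
     * @param str2 administrator role name
     * @param str3 file name of the backing XML file
     * @return the populated {@link XMLRoleServiceConfig}
     */
    protected SecurityRoleServiceConfig createRoleConfig(String str, Class<?> cls, String str2, String str3) {
        XMLRoleServiceConfig config = new XMLRoleServiceConfig();
        config.setName(str);
        config.setClassName(cls.getName());
        config.setAdminRoleName(str2);
        config.setCheckInterval(0L);
        config.setFileName(str3);
        return config;
    }

    /**
     * Checks add, remove and modify validation for XML role services.
     *
     * @throws IOException declared because the mocked manager methods declare it
     */
    @Override
    @Test
    public void testRoleConfig() throws IOException {
        super.testRoleConfig();

        // createRoleConfig is declared with the base config type; the explicit cast keeps the
        // assignment to the XML-typed local valid.
        XMLRoleServiceConfig config = (XMLRoleServiceConfig) createRoleConfig(
                XMLRoleService.DEFAULT_NAME,
                XMLRoleService.class,
                XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE,
                "roles.xml");
        XMLSecurityConfigValidator validator = new XMLSecurityConfigValidator(getSecurityManager());

        // A negative check interval must be rejected.
        try {
            config.setName("default2");
            config.setCheckInterval(-1L);
            validator.validateAddRoleService(config);
            Assert.fail("invalid interval should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("CHECK_INTERVAL_INVALID", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }

        // 999 is rejected as well; the exact lower bound for positive values is not visible here.
        try {
            config.setCheckInterval(999L);
            validator.validateAddRoleService(config);
            Assert.fail("invalid interval should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("CHECK_INTERVAL_INVALID", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }
        config.setCheckInterval(0L);

        // A plain file name with interval 0 is accepted.
        XMLRoleServiceConfig test1Config = (XMLRoleServiceConfig) createRoleConfig(
                "test1", XMLRoleService.class, XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE, "test1.xml");
        try {
            validator.validateAddRoleService(test1Config);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // Only meaningful when the validator has a temp directory to probe file creation in.
        if (new XMLSecurityConfigValidator(getSecurityManager()).getTempDir() != null) {
            // A relative name with a directory component is expected to fail file creation.
            String nestedName = "abc" + File.separator + "def.xml";
            try {
                validator.validateAddRoleService(createRoleConfig(
                        "test4", XMLRoleService.class, XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE, nestedName));
                Assert.fail("file creation failure should occur");
            } catch (SecurityConfigException ex) {
                Assert.assertEquals("FILE_CREATE_FAILED", ex.getId());
                Assert.assertEquals(nestedName, ex.getArgs()[0]);
            }
        }

        // Mocked manager: "test1" is an empty role service, "test2".."test4" each hold one role,
        // and the active role service is named "foo".
        GeoServerSecurityManager mockManager =
                (GeoServerSecurityManager) EasyMock.createNiceMock(GeoServerSecurityManager.class);

        GeoServerRoleService emptyService =
                (GeoServerRoleService) EasyMock.createNiceMock(GeoServerRoleService.class);
        org.easymock.EasyMock.expect(emptyService.getRoleCount()).andReturn(0).anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadRoleService("test1")).andReturn(emptyService).anyTimes();

        GeoServerRoleService service2 =
                (GeoServerRoleService) EasyMock.createNiceMock(GeoServerRoleService.class);
        org.easymock.EasyMock.expect(service2.getRoleCount()).andReturn(1).anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadRoleService("test2")).andReturn(service2).anyTimes();

        GeoServerRoleService service3 =
                (GeoServerRoleService) EasyMock.createNiceMock(GeoServerRoleService.class);
        org.easymock.EasyMock.expect(service3.getRoleCount()).andReturn(1).anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadRoleService("test3")).andReturn(service3).anyTimes();

        GeoServerRoleService service4 =
                (GeoServerRoleService) EasyMock.createNiceMock(GeoServerRoleService.class);
        org.easymock.EasyMock.expect(service4.getRoleCount()).andReturn(1).anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadRoleService("test4")).andReturn(service4).anyTimes();

        GeoServerRoleService activeService =
                (GeoServerRoleService) EasyMock.createNiceMock(GeoServerRoleService.class);
        org.easymock.EasyMock.expect(activeService.getName()).andReturn("foo").anyTimes();
        org.easymock.EasyMock.expect(mockManager.getActiveRoleService()).andReturn(activeService).anyTimes();

        org.easymock.EasyMock.expect(mockManager.role())
                .andReturn(Files.asResource(this.tempFolder.getRoot()))
                .anyTimes();
        org.easymock.EasyMock.expect(mockManager.listRoleServices())
                .andReturn(new TreeSet<String>(Arrays.asList("test1", "test2", "test3", "test4")))
                .anyTimes();
        EasyMock.replay(emptyService, service2, service3, service4, activeService, mockManager);

        XMLSecurityConfigValidator mockValidator = new XMLSecurityConfigValidator(mockManager);

        // Removing the empty service is allowed.
        try {
            mockValidator.validateRemoveRoleService(test1Config);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // Removing a service that still holds a role is refused.
        try {
            mockValidator.validateRemoveRoleService(createRoleConfig(
                    "test2", XMLRoleService.class, XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE, "test2.xml"));
            Assert.fail("non empty role service should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("ROLE_SERVICE_NOT_EMPTY", ex.getId());
            Assert.assertEquals("test2", ex.getArgs()[0]);
        }

        // "test3" also holds one role but is referenced by an absolute path, and removal passes.
        // NOTE(review): presumably the not-empty check is skipped for files addressed by
        // absolute path; confirm against the validator.
        try {
            mockValidator.validateRemoveRoleService(createRoleConfig(
                    "test3",
                    XMLRoleService.class,
                    XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE,
                    new File(getSecurityManager().role().dir(), "test3.xml").getAbsolutePath()));
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        XMLRoleServiceConfig modified = (XMLRoleServiceConfig) createRoleConfig(
                "test4", XMLRoleService.class, XMLRoleService.DEFAULT_LOCAL_ADMIN_ROLE, "testModify.xml");
        // Snapshot taken before the file name is changed further down.
        XMLRoleServiceConfig previous = new XMLRoleServiceConfig(modified);

        // NOTE(review): the same instance is passed as both arguments here, while the next case
        // passes the snapshot as the second one; confirm that is intended.
        try {
            modified.setValidating(true);
            mockValidator.validateModifiedRoleService(modified, modified);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // Pointing an existing service at a different file must be refused.
        try {
            modified.setFileName("xyz.xml");
            mockValidator.validateModifiedRoleService(modified, previous);
            Assert.fail("invalid filename change should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("FILENAME_CHANGE_INVALID", ex.getId());
            Assert.assertEquals("testModify.xml", ex.getArgs()[0]);
            Assert.assertEquals("xyz.xml", ex.getArgs()[1]);
        }
    }

    /**
     * Checks add, remove and modify validation for XML user/group services.
     *
     * <p>The plain-text password encoder appears throughout as a test fixture only.
     *
     * @throws IOException declared because the mocked manager methods declare it
     */
    @Override
    @Test
    public void testUserGroupConfig() throws IOException {
        super.testUserGroupConfig();

        // createUGConfig is declared with the base config type; the explicit cast keeps the
        // assignment to the XML-typed local valid.
        XMLUserGroupServiceConfig config = (XMLUserGroupServiceConfig) createUGConfig(
                XMLUserGroupService.DEFAULT_NAME,
                XMLUserGroupService.class,
                getPlainTextPasswordEncoder().getName(),
                "default",
                "users.xml");
        XMLSecurityConfigValidator validator = new XMLSecurityConfigValidator(getSecurityManager());

        // A negative check interval must be rejected.
        try {
            config.setName("default2");
            config.setCheckInterval(-1L);
            validator.validateAddUserGroupService(config);
            Assert.fail("invalid check interval should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("CHECK_INTERVAL_INVALID", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }

        // 999 is rejected as well; the exact lower bound for positive values is not visible here.
        try {
            config.setCheckInterval(999L);
            validator.validateAddUserGroupService(config);
            Assert.fail("invalid check interval should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("CHECK_INTERVAL_INVALID", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }
        config.setCheckInterval(0L);

        // A plain file name with interval 0 is accepted.
        XMLUserGroupServiceConfig test1Config = (XMLUserGroupServiceConfig) createUGConfig(
                "test1",
                XMLUserGroupService.class,
                getPlainTextPasswordEncoder().getName(),
                "default",
                "test1.xml");
        try {
            validator.validateAddUserGroupService(test1Config);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        XMLUserGroupServiceConfig test5Config = (XMLUserGroupServiceConfig) createUGConfig(
                "test5",
                XMLUserGroupService.class,
                getPlainTextPasswordEncoder().getName(),
                "default",
                "abc.xml");
        try {
            validator.validateAddUserGroupService(test5Config);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // An empty file name must be rejected.
        try {
            test5Config.setFileName("");
            validator.validateAddUserGroupService(test5Config);
            Assert.fail("empty file name should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("FILENAME_REQUIRED", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }

        // Only meaningful when the validator has a temp directory to probe file creation in.
        if (new XMLSecurityConfigValidator(getSecurityManager()).getTempDir() != null) {
            // A relative name with a directory component is expected to fail file creation.
            String nestedName = "abc" + File.separator + "def.xml";
            try {
                validator.validateAddUserGroupService(createUGConfig(
                        "test4",
                        XMLUserGroupService.class,
                        getPlainTextPasswordEncoder().getName(),
                        "default",
                        nestedName));
                Assert.fail("file creation should fail");
            } catch (SecurityConfigException ex) {
                Assert.assertEquals("FILE_CREATE_FAILED", ex.getId());
                Assert.assertEquals(nestedName, ex.getArgs()[0]);
            }
        }

        // Mocked manager: no authentication providers, three known user/group services, the
        // plain-text encoder and a single password validator named "default".
        GeoServerSecurityManager mockManager =
                (GeoServerSecurityManager) EasyMock.createNiceMock(GeoServerSecurityManager.class);
        org.easymock.EasyMock.expect(mockManager.listAuthenticationProviders())
                .andReturn(new TreeSet<String>())
                .anyTimes();

        GeoServerUserGroupService service1 =
                (GeoServerUserGroupService) EasyMock.createNiceMock(GeoServerUserGroupService.class);
        org.easymock.EasyMock.expect(service1.getName()).andReturn("test1").anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadUserGroupService("test1")).andReturn(service1).anyTimes();

        GeoServerUserGroupService service2 =
                (GeoServerUserGroupService) EasyMock.createNiceMock(GeoServerUserGroupService.class);
        org.easymock.EasyMock.expect(service2.getName()).andReturn("test2").anyTimes();
        org.easymock.EasyMock.expect(service2.getGroupCount()).andReturn(1).anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadUserGroupService("test2")).andReturn(service2).anyTimes();

        GeoServerUserGroupService modifyService =
                (GeoServerUserGroupService) EasyMock.createNiceMock(GeoServerUserGroupService.class);
        org.easymock.EasyMock.expect(modifyService.getName()).andReturn("testModify").anyTimes();
        // NOTE(review): "testModify" resolves to the "test2" mock rather than the mock created
        // just above; left unchanged because the intent cannot be confirmed from this file.
        org.easymock.EasyMock.expect(mockManager.loadUserGroupService("testModify")).andReturn(service2).anyTimes();

        org.easymock.EasyMock.expect(mockManager.listUserGroupServices())
                .andReturn(new TreeSet<String>(Arrays.asList("test1", "test2", "testModify")))
                .anyTimes();
        org.easymock.EasyMock.expect(mockManager.userGroup())
                .andReturn(Files.asResource(this.tempFolder.getRoot()))
                .anyTimes();
        org.easymock.EasyMock.expect(mockManager.loadPasswordEncoder(getPlainTextPasswordEncoder().getName()))
                .andReturn(getPlainTextPasswordEncoder())
                .anyTimes();
        org.easymock.EasyMock.expect(mockManager.listPasswordValidators())
                .andReturn(new TreeSet<String>(Arrays.asList("default")))
                .anyTimes();
        EasyMock.replay(service1, service2, modifyService, mockManager);

        XMLSecurityConfigValidator mockValidator = new XMLSecurityConfigValidator(mockManager);

        // "test1" has no group count stubbed, so the nice mock reports 0 and removal is allowed.
        try {
            mockValidator.validateRemoveUserGroupService(test1Config);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // Removing a service that still holds a group is refused.
        try {
            mockValidator.validateRemoveUserGroupService(createUGConfig(
                    "test2",
                    XMLUserGroupService.class,
                    getPlainTextPasswordEncoder().getName(),
                    "default",
                    "test2.xml"));
            Assert.fail("non empty ug service should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("USERGROUP_SERVICE_NOT_EMPTY", ex.getId());
            Assert.assertEquals("test2", ex.getArgs()[0]);
        }

        // "test3" is referenced by an absolute path and is not registered with the mocked manager.
        try {
            mockValidator.validateRemoveUserGroupService(createUGConfig(
                    "test3",
                    XMLUserGroupService.class,
                    getPlainTextPasswordEncoder().getName(),
                    "default",
                    new File(getSecurityManager().userGroup().dir(), "test3.xml").getAbsolutePath()));
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        XMLUserGroupServiceConfig modified = (XMLUserGroupServiceConfig) createUGConfig(
                "testModify",
                XMLUserGroupService.class,
                getPlainTextPasswordEncoder().getName(),
                "default",
                "testModify.xml");
        // Snapshot taken before the file name is changed further down.
        XMLUserGroupServiceConfig previous = new XMLUserGroupServiceConfig(modified);

        try {
            modified.setValidating(true);
            mockValidator.validateModifiedUserGroupService(modified, previous);
        } catch (SecurityConfigException ex) {
            Assert.fail("Should work but got: " + ex.getMessage());
        }

        // Pointing an existing service at a different file must be refused.
        try {
            modified.setFileName("xyz.xml");
            mockValidator.validateModifiedUserGroupService(modified, previous);
            Assert.fail("invalid file name change should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("FILENAME_CHANGE_INVALID", ex.getId());
            Assert.assertEquals("testModify.xml", ex.getArgs()[0]);
            Assert.assertEquals("xyz.xml", ex.getArgs()[1]);
        }
    }

    /**
     * Checks that a username/password authentication provider without a user/group service is
     * rejected when added.
     *
     * @throws IOException declared by the inherited test
     */
    @Override
    @Test
    public void testAuthenticationProvider() throws IOException {
        super.testAuthenticationProvider();
        XMLSecurityConfigValidator validator = new XMLSecurityConfigValidator(getSecurityManager());
        try {
            // The third argument (user/group service name) is deliberately null.
            validator.validateAddAuthProvider(
                    createAuthConfig("default2", UsernamePasswordAuthenticationProvider.class, null));
            Assert.fail("no user group service should fail");
        } catch (SecurityConfigException ex) {
            Assert.assertEquals("USERGROUP_SERVICE_REQUIRED", ex.getId());
            Assert.assertEquals(0L, ex.getArgs().length);
        }
    }
}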
