package org.geoserver.security.validation;

import java.io.IOException;
import java.util.logging.Logger;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AccessMode;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerSecurityTestSupport;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.GeoServerUserGroupStore;
import org.geoserver.security.auth.AbstractAuthenticationProviderTest;
import org.geoserver.security.config.impl.MemoryRoleServiceConfigImpl;
import org.geoserver.security.config.impl.MemoryUserGroupServiceConfigImpl;
import org.geoserver.security.impl.DataAccessRule;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.MemoryRoleService;
import org.geoserver.security.impl.MemoryUserGroupService;
import org.geoserver.security.xml.XMLRoleService;
import org.geoserver.security.xml.XMLRoleServiceConfig;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:org/geoserver/security/validation/RoleStoreValidationWrapperTest.class */
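/**
 * Exercises {@link RoleStoreValidationWrapper}: every mutating or querying call that violates a
 * validation rule is expected to fail with an {@link IOException} whose cause is an
 * {@link AbstractSecurityException} carrying a specific error id and argument list.
 *
 * <p>The rules covered here are the ones the assertions name: required role, user and group
 * names, duplicate roles (in the same service and in another role service), reserved system role
 * names, unknown roles/users/groups, roles still referenced by a data access rule, and the
 * non-removable admin and group-admin roles.
 */
public class RoleStoreValidationWrapperTest extends GeoServerSecurityTestSupport {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");

    /**
     * Registers an in-memory role service and returns a validating wrapper around its store.
     *
     * @param name name of the role service
     * @param adminRole admin role name written to the service config (may be {@code null})
     * @param groupAdminRole group admin role name written to the service config (may be {@code null})
     * @param userGroupServices services handed to the wrapper for user/group lookups
     * @return a validation wrapper around a fresh store of the new service
     */
    public RoleStoreValidationWrapper createStore(String name, String adminRole, String groupAdminRole, GeoServerUserGroupService... userGroupServices) throws IOException, SecurityConfigException {
        MemoryRoleServiceConfigImpl config = new MemoryRoleServiceConfigImpl();
        config.setName(name);
        config.setClassName(MemoryRoleService.class.getName());
        config.setAdminRoleName(adminRole);
        config.setGroupAdminRoleName(groupAdminRole);

        MemoryRoleService service = new MemoryRoleService();
        service.initializeFromConfig(config);
        service.setSecurityManager((GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class));

        // Saving the config makes the service known to the security manager, which the
        // cross-service duplicate check in testRoleStoreWrapper relies on.
        getSecurityManager().saveRoleService(config);
        return new RoleStoreValidationWrapper(service.createStore(), userGroupServices);
    }

    /**
     * Registers an XML-backed role service (file {@code roles.xml}) and returns a validating
     * wrapper around a store loaded back through the security manager.
     *
     * @param name name of the role service
     * @param adminRole admin role name written to the service config (may be {@code null})
     * @param groupAdminRole group admin role name written to the service config (may be {@code null})
     * @param userGroupServices services handed to the wrapper for user/group lookups
     * @return a validation wrapper around a store of the saved service
     */
    public RoleStoreValidationWrapper createXMLStore(String name, String adminRole, String groupAdminRole, GeoServerUserGroupService... userGroupServices) throws IOException, SecurityConfigException {
        XMLRoleServiceConfig config = new XMLRoleServiceConfig();
        config.setName(name);
        config.setClassName(XMLRoleService.class.getName());
        config.setAdminRoleName(adminRole);
        config.setGroupAdminRoleName(groupAdminRole);
        config.setFileName("roles.xml");
        getSecurityManager().saveRoleService(config);
        return new RoleStoreValidationWrapper(getSecurityManager().loadRoleService(name).createStore(), userGroupServices);
    }

    /**
     * Builds an in-memory user/group store using the PBE password encoder and the
     * {@code "default"} password policy.
     *
     * @param name name of the user/group service
     * @return a fresh store of that service
     */
    protected GeoServerUserGroupStore createUGStore(String name) throws IOException {
        MemoryUserGroupServiceConfigImpl config = new MemoryUserGroupServiceConfigImpl();
        config.setName(name);
        config.setPasswordEncoderName(getPBEPasswordEncoder().getName());
        config.setPasswordPolicyName("default");

        MemoryUserGroupService service = new MemoryUserGroupService();
        service.setSecurityManager((GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class));
        service.initializeFromConfig(config);
        return service.createStore();
    }

    /**
     * Asserts that {@code ex} wraps an {@link AbstractSecurityException} with the given id and
     * that its leading arguments equal {@code expectedArgs}.
     *
     * @param ex the exception thrown by the wrapper
     * @param expectedId expected error id of the wrapped security exception
     * @param expectedArgs expected leading arguments, compared position by position
     */
    protected void assertSecurityException(IOException ex, String expectedId, Object... expectedArgs) {
        assertTrue(ex.getCause() instanceof AbstractSecurityException);
        // getCause() is declared as Throwable, so the narrowing cast is required to compile.
        AbstractSecurityException cause = (AbstractSecurityException) ex.getCause();
        assertEquals(expectedId, cause.getId());
        if (expectedArgs.length > 0) {
            Object[] actualArgs = cause.getArgs();
            // Fail with an assertion, not an ArrayIndexOutOfBoundsException, when the
            // exception carries fewer arguments than the test expects.
            assertTrue(actualArgs != null && actualArgs.length >= expectedArgs.length);
            for (int i = 0; i < expectedArgs.length; i++) {
                assertEquals(expectedArgs[i], actualArgs[i]);
            }
        }
    }

    /**
     * Walks through the validation rules of a wrapper that has no user/group services attached:
     * name checks, duplicates, reserved names, unknown roles and removal of a role that a data
     * access rule still references.
     */
    public void testRoleStoreWrapper() throws Exception {
        RoleStoreValidationWrapper store = createStore("test", null, "");
        RoleStoreValidationWrapper xmlStore = createXMLStore("test1", null, "");

        // An empty role name is rejected.
        boolean rejected = false;
        try {
            store.addRole(store.createRoleObject(""));
        } catch (IOException e) {
            assertSecurityException(e, "NAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        store.addRole(store.createRoleObject("role1"));
        assertEquals(1, store.getRoles().size());
        assertEquals(1, store.getRoleCount());
        GeoServerRole role1 = store.getRoleByName("role1");

        // Adding the same role twice is rejected.
        rejected = false;
        try {
            store.addRole(role1);
        } catch (IOException e) {
            assertSecurityException(e, "ALREADY_EXISTS", "role1");
            rejected = true;
        }
        assertTrue(rejected);

        // None of the built-in system role names may be created in a role store.
        for (GeoServerRole systemRole : GeoServerRole.SystemRoles) {
            boolean reservedRejected = false;
            try {
                store.addRole(store.createRoleObject(systemRole.getAuthority()));
            } catch (IOException e) {
                assertSecurityException(e, "RESERVED_NAME", systemRole.getAuthority());
                reservedRejected = true;
            }
            assertTrue(reservedRejected);
        }

        // A role name already stored in another role service is rejected as well.
        xmlStore.addRole(store.createRoleObject("duplicated"));
        xmlStore.store();
        rejected = false;
        try {
            store.addRole(store.createRoleObject("duplicated"));
        } catch (IOException e) {
            assertSecurityException(e, "ALREADY_EXISTS_IN", "duplicated", xmlStore.getName());
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.addRole(store.createRoleObject(GeoServerRole.AUTHENTICATED_ROLE.getAuthority()));
        } catch (IOException e) {
            assertSecurityException(e, "RESERVED_NAME", GeoServerRole.AUTHENTICATED_ROLE.getAuthority());
            rejected = true;
        }
        assertTrue(rejected);

        // Updating a role that was never added is rejected.
        rejected = false;
        try {
            store.updateRole(store.createRoleObject("xxx"));
        } catch (IOException e) {
            assertSecurityException(e, "NOT_FOUND", "xxx");
            rejected = true;
        }
        assertTrue(rejected);

        store.addRole(store.createRoleObject("parent1"));
        GeoServerRole parentRole = store.getRoleByName("parent1");
        assertNotNull(parentRole);

        // The parent of a role has to exist in the store.
        rejected = false;
        try {
            store.setParentRole(role1, store.createRoleObject("xxx"));
        } catch (IOException e) {
            assertSecurityException(e, "NOT_FOUND", "xxx");
            rejected = true;
        }
        assertTrue(rejected);
        store.setParentRole(role1, parentRole);
        store.setParentRole(role1, (GeoServerRole) null);

        // Empty group and user names are rejected for association and dissociation.
        rejected = false;
        try {
            store.associateRoleToGroup(role1, "");
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.disAssociateRoleFromGroup(role1, "");
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.associateRoleToUser(role1, "");
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.disAssociateRoleFromUser(role1, "");
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        // Without user/group services attached, any non-empty name is accepted.
        store.associateRoleToGroup(role1, "group1");
        store.associateRoleToUser(role1, AbstractAuthenticationProviderTest.testUserName);

        // Null names are rejected on lookup.
        rejected = false;
        try {
            store.getRolesForUser((String) null);
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.getRolesForGroup((String) null);
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_REQUIRED");
            rejected = true;
        }
        assertTrue(rejected);

        assertEquals(1, store.getRolesForGroup("group1").size());
        assertEquals(1, store.getRolesForUser(AbstractAuthenticationProviderTest.testUserName).size());
        store.disAssociateRoleFromGroup(role1, "group1");
        store.disAssociateRoleFromUser(role1, AbstractAuthenticationProviderTest.testUserName);

        // Reference role1 from a read rule on every workspace and layer.
        DataAccessRuleDAO ruleDao = DataAccessRuleDAO.get();
        DataAccessRule readRule = new DataAccessRule();
        readRule.setAccessMode(AccessMode.READ);
        readRule.setWorkspace("*");
        readRule.setLayer("*");
        readRule.getRoles().add(role1.getAuthority());
        ruleDao.addRule(readRule);
        ruleDao.storeRules();

        // NOTE(review): the boolean presumably switches on the check against stored access
        // rules; confirm against the RoleStoreValidationWrapper constructor.
        RoleStoreValidationWrapper ruleAwareStore = new RoleStoreValidationWrapper(store.getWrappedService(), true, new GeoServerUserGroupService[0]);

        // parent1 is not named by any rule, so its removal is expected to succeed; it is kept
        // outside the try block so that a failure here is not mistaken for the expected one.
        ruleAwareStore.removeRole(parentRole);

        rejected = false;
        try {
            ruleAwareStore.removeRole(role1);
        } catch (IOException e) {
            assertSecurityException(e, "ROLE_IN_USE", role1.getAuthority(), readRule.getKey());
            rejected = true;
        }
        assertTrue(rejected);

        // Once the rule is gone the role can be removed.
        ruleDao.removeRule(readRule);
        ruleDao.storeRules();
        ruleAwareStore.removeRole(role1);
    }

    /**
     * Verifies that, with user/group services attached, role associations and lookups are
     * accepted only for users and groups that exist in one of those services.
     */
    public void testRoleStoreWrapperWithUGServices() throws Exception {
        GeoServerUserGroupStore ugStore1 = createUGStore("test1");
        ugStore1.addUser(ugStore1.createUserObject(AbstractAuthenticationProviderTest.testUserName, "abc", true));
        ugStore1.addGroup(ugStore1.createGroupObject("group1", true));
        ugStore1.store();

        // NOTE(review): the objects for the second store are created through the first store;
        // this matches the original test, confirm it is intentional.
        GeoServerUserGroupStore ugStore2 = createUGStore("test2");
        ugStore2.addUser(ugStore1.createUserObject("user2", "abc", true));
        ugStore2.addGroup(ugStore1.createGroupObject("group2", true));
        ugStore2.store();

        RoleStoreValidationWrapper store = createStore("test", null, null, ugStore1, ugStore2);
        GeoServerRole role1 = store.createRoleObject("role1");
        store.addRole(role1);
        store.store();

        // Groups known to either service are accepted, an unknown group is not.
        store.associateRoleToGroup(role1, "group1");
        store.associateRoleToGroup(role1, "group2");
        boolean rejected = false;
        try {
            store.associateRoleToGroup(role1, "group3");
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_NOT_FOUND", "group3");
            rejected = true;
        }
        assertTrue(rejected);

        // Associating the same user twice is accepted, an unknown user is not.
        store.associateRoleToUser(role1, AbstractAuthenticationProviderTest.testUserName);
        store.associateRoleToUser(role1, AbstractAuthenticationProviderTest.testUserName);
        rejected = false;
        try {
            store.associateRoleToUser(role1, "user3");
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_NOT_FOUND", "user3");
            rejected = true;
        }
        assertTrue(rejected);

        assertEquals(1, store.getRolesForGroup("group1").size());
        assertEquals(1, store.getRolesForUser(AbstractAuthenticationProviderTest.testUserName).size());

        // Lookups for unknown principals fail instead of returning an empty set.
        rejected = false;
        try {
            store.getRolesForGroup("group3");
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_NOT_FOUND", "group3");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            store.getRolesForUser("user3");
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_NOT_FOUND", "user3");
            rejected = true;
        }
        assertTrue(rejected);

        store.disAssociateRoleFromGroup(role1, "group1");
        store.disAssociateRoleFromGroup(role1, "group2");
        rejected = false;
        try {
            store.disAssociateRoleFromGroup(role1, "group3");
        } catch (IOException e) {
            assertSecurityException(e, "GROUPNAME_NOT_FOUND", "group3");
            rejected = true;
        }
        assertTrue(rejected);

        store.disAssociateRoleFromUser(role1, AbstractAuthenticationProviderTest.testUserName);
        store.disAssociateRoleFromUser(role1, AbstractAuthenticationProviderTest.testUserName);
        rejected = false;
        try {
            store.disAssociateRoleFromUser(role1, "user3");
        } catch (IOException e) {
            assertSecurityException(e, "USERNAME_NOT_FOUND", "user3");
            rejected = true;
        }
        assertTrue(rejected);

        store.removeRole(role1);
    }

    /**
     * Verifies that the roles configured as admin role and group admin role of a role service
     * cannot be removed, while an ordinary role of the same service can.
     */
    public void testMappedRoles() throws Exception {
        RoleStoreValidationWrapper xmlStore = createXMLStore("test", "admin", "groupAdmin");
        xmlStore.addRole(xmlStore.createRoleObject("admin"));
        xmlStore.addRole(xmlStore.createRoleObject("groupAdmin"));
        xmlStore.addRole(xmlStore.createRoleObject("role1"));
        xmlStore.store();

        // Work on a store loaded back from the saved service, not on the one just written.
        RoleStoreValidationWrapper reloaded = new RoleStoreValidationWrapper(getSecurityManager().loadRoleService("test").createStore(), new GeoServerUserGroupService[0]);

        boolean rejected = false;
        try {
            reloaded.removeRole(reloaded.createRoleObject("admin"));
        } catch (IOException e) {
            assertSecurityException(e, "ADMIN_ROLE_NOT_REMOVABLE", "admin");
            rejected = true;
        }
        assertTrue(rejected);

        rejected = false;
        try {
            reloaded.removeRole(reloaded.createRoleObject("groupAdmin"));
        } catch (IOException e) {
            assertSecurityException(e, "GROUP_ADMIN_ROLE_NOT_REMOVABLE", "groupAdmin");
            rejected = true;
        }
        assertTrue(rejected);

        reloaded.removeRole(reloaded.createRoleObject("role1"));
    }
}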
