package org.geoserver.security.impl;

import java.io.File;
import java.io.FileInputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathFactory;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.DataStoreInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.config.GeoServerPersister;
import org.geoserver.config.util.XStreamPersister;
import org.geoserver.config.util.XStreamPersisterFactory;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.GeoServerUserGroupStore;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.config.impl.MemoryRoleServiceConfigImpl;
import org.geoserver.security.config.impl.MemoryUserGroupServiceConfigImpl;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilterTest;
import org.geoserver.security.password.DecodingUserDetailsService;
import org.geoserver.security.password.GeoServerPlainTextPasswordEncoder;
import org.geoserver.test.SystemTest;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/impl/MemoryUserDetailsServiceTest.class */
public class MemoryUserDetailsServiceTest extends AbstractUserDetailsServiceTest {
    static final String plainTextRole = "plainrole";
    static final String plainTextUserGroup = "plainuserGroup";

    public GeoServerRoleService createRoleService(String str) throws Exception {
        MemoryRoleServiceConfigImpl roleConfig = getRoleConfig(str);
        MemoryRoleService memoryRoleService = new MemoryRoleService();
        memoryRoleService.setSecurityManager((GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class));
        memoryRoleService.initializeFromConfig(roleConfig);
        getSecurityManager().saveRoleService(roleConfig);
        return memoryRoleService;
    }

    public MemoryRoleServiceConfigImpl getRoleConfig(String str) {
        MemoryRoleServiceConfigImpl memoryRoleServiceConfigImpl = new MemoryRoleServiceConfigImpl();
        memoryRoleServiceConfigImpl.setName(str);
        memoryRoleServiceConfigImpl.setClassName(MemoryRoleService.class.getName());
        memoryRoleServiceConfigImpl.setToBeEncrypted(plainTextRole);
        return memoryRoleServiceConfigImpl;
    }

    public GeoServerUserGroupService createUserGroupService(String str) throws Exception {
        return createUserGroupService(str, getPBEPasswordEncoder().getName());
    }

    public GeoServerUserGroupService createUserGroupService(String str, String str2) throws Exception {
        MemoryUserGroupServiceConfigImpl userGroupConfg = getUserGroupConfg(str, str2);
        MemoryUserGroupService memoryUserGroupService = new MemoryUserGroupService();
        memoryUserGroupService.setSecurityManager((GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class));
        memoryUserGroupService.initializeFromConfig(userGroupConfg);
        getSecurityManager().saveUserGroupService(userGroupConfg);
        return memoryUserGroupService;
    }

    public MemoryUserGroupServiceConfigImpl getUserGroupConfg(String str, String str2) {
        MemoryUserGroupServiceConfigImpl memoryUserGroupServiceConfigImpl = new MemoryUserGroupServiceConfigImpl();
        memoryUserGroupServiceConfigImpl.setName(str);
        memoryUserGroupServiceConfigImpl.setClassName(MemoryUserGroupService.class.getName());
        memoryUserGroupServiceConfigImpl.setPasswordEncoderName(str2);
        memoryUserGroupServiceConfigImpl.setPasswordPolicyName("default");
        memoryUserGroupServiceConfigImpl.setToBeEncrypted(plainTextUserGroup);
        return memoryUserGroupServiceConfigImpl;
    }

    @Test
    public void testDecodingUserDetailsService() throws Exception {
        GeoServerUserGroupService createUserGroupService = createUserGroupService("test");
        DecodingUserDetailsService newInstance = DecodingUserDetailsService.newInstance(createUserGroupService);
        GeoServerUserGroupStore createStore = createStore(createUserGroupService);
        insertValues(createStore);
        createStore.store();
        Assert.assertFalse(GeoServerBasicAuthenticationFilterTest.PASSWORD.equals(createUserGroupService.loadUserByUsername("admin").getPassword()));
        Assert.assertTrue(GeoServerBasicAuthenticationFilterTest.PASSWORD.equals(newInstance.loadUserByUsername("admin").getPassword()));
    }

    @Test
    public void testCopyFrom() throws Exception {
        copyFrom(createUserGroupService("copyFrom"), createUserGroupService("copyTo"));
        copyFrom(createUserGroupService("copyFrom1", getPlainTextPasswordEncoder().getName()), createUserGroupService("copyTo1", getPlainTextPasswordEncoder().getName()));
        copyFrom(createUserGroupService("copyFrom2"), createUserGroupService("copyTo2", getDigestPasswordEncoder().getName()));
        copyFrom(createUserGroupService("copyFrom3", getDigestPasswordEncoder().getName()), createUserGroupService("copyTo3", getDigestPasswordEncoder().getName()));
        copyFrom(createUserGroupService("copyFrom4", getDigestPasswordEncoder().getName()), createUserGroupService("copyTo4"));
    }

    protected void copyFrom(GeoServerUserGroupService geoServerUserGroupService, GeoServerUserGroupService geoServerUserGroupService2) throws Exception {
        GeoServerUserGroupStore createStore = createStore(geoServerUserGroupService);
        GeoServerUserGroupStore createStore2 = createStore(geoServerUserGroupService2);
        createStore.clear();
        checkEmpty(createStore);
        insertValues(createStore);
        Util.copyFrom(createStore, createStore2);
        createStore.clear();
        checkEmpty(createStore);
        checkValuesInserted(createStore2);
        createStore2.clear();
        checkEmpty(createStore2);
    }

    @Test
    public void testEncryption() throws Exception {
        SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
        GeoServerPlainTextPasswordEncoder plainTextPasswordEncoder = getPlainTextPasswordEncoder();
        String str = String.valueOf(plainTextPasswordEncoder.getPrefix()) + ":";
        securityConfig.setConfigPasswordEncrypterName(plainTextPasswordEncoder.getName());
        getSecurityManager().saveSecurityConfig(securityConfig);
        String str2 = String.valueOf(getPBEPasswordEncoder().getPrefix()) + ":";
        MemoryRoleServiceConfigImpl roleConfig = getRoleConfig("testEncrypt");
        MemoryUserGroupServiceConfigImpl userGroupConfg = getUserGroupConfg("testEncrypt", getPlainTextPasswordEncoder().getName());
        getSecurityManager().saveRoleService(roleConfig);
        getSecurityManager().saveUserGroupService(userGroupConfg);
        File file = new File(getSecurityManager().get("security/role").dir(), "testEncrypt");
        File file2 = new File(getSecurityManager().get("security/usergroup").dir(), "testEncrypt");
        File file3 = new File(file, "config.xml");
        File file4 = new File(file2, "config.xml");
        Assert.assertTrue(file3.exists());
        Assert.assertTrue(file4.exists());
        Document parse = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file4);
        Element element = (Element) DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file3).getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Element element2 = (Element) parse.getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Assert.assertEquals(String.valueOf(str) + plainTextRole, element.getTextContent());
        Assert.assertEquals(String.valueOf(str) + plainTextUserGroup, element2.getTextContent());
        Assert.assertEquals(plainTextRole, getSecurityManager().loadRoleService("testEncrypt").getToBeEncrypted());
        Assert.assertEquals(plainTextUserGroup, getSecurityManager().loadUserGroupService("testEncrypt").getToBeEncrypted());
        SecurityManagerConfig securityConfig2 = getSecurityManager().getSecurityConfig();
        securityConfig2.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName());
        getSecurityManager().saveSecurityConfig(securityConfig2);
        getSecurityManager().updateConfigurationFilesWithEncryptedFields();
        Document parse2 = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file4);
        Element element3 = (Element) DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file3).getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Element element4 = (Element) parse2.getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Assert.assertTrue(element3.getTextContent().startsWith(str2));
        Assert.assertTrue(element4.getTextContent().startsWith(str2));
        Assert.assertEquals(plainTextRole, getSecurityManager().loadRoleService("testEncrypt").getToBeEncrypted());
        Assert.assertEquals(plainTextUserGroup, getSecurityManager().loadUserGroupService("testEncrypt").getToBeEncrypted());
    }

    @Test
    public void testEncryption2() throws Exception {
        SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
        securityConfig.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName());
        getSecurityManager().saveSecurityConfig(securityConfig);
        String str = String.valueOf(getPBEPasswordEncoder().getPrefix()) + ":";
        MemoryRoleServiceConfigImpl roleConfig = getRoleConfig("testEncrypt2");
        MemoryUserGroupServiceConfigImpl userGroupConfg = getUserGroupConfg("testEncrypt2", getPlainTextPasswordEncoder().getName());
        getSecurityManager().saveRoleService(roleConfig);
        getSecurityManager().saveUserGroupService(userGroupConfg);
        File file = new File(getSecurityManager().get("security/role").dir(), "testEncrypt2");
        File file2 = new File(getSecurityManager().get("security/usergroup").dir(), "testEncrypt2");
        File file3 = new File(file, "config.xml");
        File file4 = new File(file2, "config.xml");
        Assert.assertTrue(file3.exists());
        Assert.assertTrue(file4.exists());
        Document parse = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file4);
        Element element = (Element) DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file3).getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Element element2 = (Element) parse.getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Assert.assertTrue(element.getTextContent().startsWith(str));
        Assert.assertTrue(element2.getTextContent().startsWith(str));
        Assert.assertEquals(plainTextRole, getSecurityManager().loadRoleService("testEncrypt2").getToBeEncrypted());
        Assert.assertEquals(plainTextUserGroup, getSecurityManager().loadUserGroupService("testEncrypt2").getToBeEncrypted());
        securityConfig.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName());
        String str2 = String.valueOf(getPlainTextPasswordEncoder().getPrefix()) + ":";
        getSecurityManager().saveSecurityConfig(securityConfig);
        getSecurityManager().updateConfigurationFilesWithEncryptedFields();
        Document parse2 = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file4);
        Element element3 = (Element) DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file3).getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Element element4 = (Element) parse2.getDocumentElement().getElementsByTagName("toBeEncrypted").item(0);
        Assert.assertEquals(String.valueOf(str2) + plainTextRole, element3.getTextContent());
        Assert.assertEquals(String.valueOf(str2) + plainTextUserGroup, element4.getTextContent());
        Assert.assertEquals(plainTextRole, getSecurityManager().loadRoleService("testEncrypt2").getToBeEncrypted());
        Assert.assertEquals(plainTextUserGroup, getSecurityManager().loadUserGroupService("testEncrypt2").getToBeEncrypted());
    }

    @Test
    public void testPasswordPersistence() throws Exception {
        Catalog catalog = getCatalog();
        SecurityManagerConfig securityConfig = getSecurityManager().getSecurityConfig();
        GeoServerPlainTextPasswordEncoder plainTextPasswordEncoder = getPlainTextPasswordEncoder();
        String str = String.valueOf(plainTextPasswordEncoder.getPrefix()) + ":";
        securityConfig.setConfigPasswordEncrypterName(plainTextPasswordEncoder.getName());
        getSecurityManager().saveSecurityConfig(securityConfig);
        catalog.addListener(new GeoServerPersister(getResourceLoader(), new XStreamPersisterFactory().createXMLPersister()));
        WorkspaceInfo createWorkspace = catalog.getFactory().createWorkspace();
        createWorkspace.setName("password");
        catalog.add(createWorkspace);
        DataStoreInfo createDataStore = catalog.getFactory().createDataStore();
        createDataStore.setName("password");
        createDataStore.getConnectionParameters().put("user", "testuser");
        createDataStore.getConnectionParameters().put("passwd", "secret");
        createDataStore.getConnectionParameters().put("host", "localhost");
        createDataStore.getConnectionParameters().put("port", "5432");
        createDataStore.getConnectionParameters().put("database", "testdb");
        createDataStore.getConnectionParameters().put("dbtype", "postgisng");
        createDataStore.setWorkspace(createWorkspace);
        catalog.add(createDataStore);
        File file = new File(getDataDirectory().root(), "workspaces/password/password/datastore.xml");
        Assert.assertThat(XPathFactory.newInstance().newXPath().evaluate("//entry[@key='passwd']", DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file).getDocumentElement()), CoreMatchers.equalTo(String.valueOf(str) + "secret"));
        XStreamPersister createXMLPersister = new XStreamPersisterFactory().createXMLPersister();
        FileInputStream fileInputStream = new FileInputStream(file);
        DataStoreInfo dataStoreInfo = (DataStoreInfo) createXMLPersister.load(fileInputStream, DataStoreInfo.class);
        fileInputStream.close();
        Assert.assertEquals("secret", dataStoreInfo.getConnectionParameters().get("passwd"));
        securityConfig.setConfigPasswordEncrypterName(getPBEPasswordEncoder().getName());
        getSecurityManager().saveSecurityConfig(securityConfig);
        getSecurityManager().updateConfigurationFilesWithEncryptedFields();
        XPathFactory.newInstance().newXPath().evaluate("//entry[@key='passwd']", DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file).getDocumentElement());
        XStreamPersister createXMLPersister2 = new XStreamPersisterFactory().createXMLPersister();
        FileInputStream fileInputStream2 = new FileInputStream(file);
        Assert.assertEquals("secret", ((DataStoreInfo) createXMLPersister2.load(fileInputStream2, DataStoreInfo.class)).getConnectionParameters().get("passwd"));
        fileInputStream2.close();
    }
}
