package org.geoserver.security;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Properties;
import org.geoserver.platform.GeoServerEnvironment;
import org.geoserver.platform.resource.Files;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilterTest;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.test.SystemTest;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/GeoServerSecurityManagerTest.class */
public class GeoServerSecurityManagerTest extends GeoServerSecurityTestSupport {
    @Test
    public void testAdminRole() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("admin", GeoServerBasicAuthenticationFilterTest.PASSWORD, Arrays.asList(GeoServerRole.ADMIN_ROLE));
        testingAuthenticationToken.setAuthenticated(true);
        Assert.assertTrue(securityManager.checkAuthenticationForAdminRole(testingAuthenticationToken));
    }

    @Test
    public void testMasterPasswordForMigration() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        char[] extractMasterPasswordForMigration = securityManager.extractMasterPasswordForMigration((Properties) null);
        Assert.assertTrue(extractMasterPasswordForMigration.length == 8);
        Assert.assertTrue(masterPWInfoFileContains(new String(extractMasterPasswordForMigration)));
        Properties properties = new Properties();
        String str = new String(GeoServerSecurityManager.MASTER_PASSWD_DEFAULT);
        properties.put("admin", String.valueOf(str) + "," + GeoServerRole.ADMIN_ROLE);
        properties.put("user1", String.valueOf(str) + "," + GeoServerRole.ADMIN_ROLE);
        properties.put("user2", String.valueOf(str) + ",ROLE_WFS");
        char[] extractMasterPasswordForMigration2 = securityManager.extractMasterPasswordForMigration(properties);
        Assert.assertTrue(extractMasterPasswordForMigration2.length == 8);
        Assert.assertTrue(masterPWInfoFileContains(new String(extractMasterPasswordForMigration2)));
        Assert.assertFalse(masterPWInfoFileContains("admin"));
        Assert.assertFalse(masterPWInfoFileContains("user1"));
        Assert.assertFalse(masterPWInfoFileContains("user2"));
        properties.put("user2", "validPassword,ROLE_WFS");
        char[] extractMasterPasswordForMigration3 = securityManager.extractMasterPasswordForMigration(properties);
        Assert.assertTrue(extractMasterPasswordForMigration3.length == 8);
        Assert.assertTrue(masterPWInfoFileContains(new String(extractMasterPasswordForMigration3)));
        properties.put("user1", "abc," + GeoServerRole.ADMIN_ROLE);
        char[] extractMasterPasswordForMigration4 = securityManager.extractMasterPasswordForMigration(properties);
        Assert.assertTrue(extractMasterPasswordForMigration4.length == 8);
        Assert.assertTrue(masterPWInfoFileContains(new String(extractMasterPasswordForMigration4)));
        properties.put("user1", String.valueOf("validPassword") + "," + GeoServerRole.ADMIN_ROLE);
        Assert.assertEquals("validPassword", new String(securityManager.extractMasterPasswordForMigration(properties)));
        Assert.assertFalse(masterPWInfoFileContains("validPassword"));
        Assert.assertTrue(masterPWInfoFileContains("user1"));
        properties.put("admin", String.valueOf("validPassword") + "," + GeoServerRole.ADMIN_ROLE);
        Assert.assertEquals("validPassword", new String(securityManager.extractMasterPasswordForMigration(properties)));
        Assert.assertFalse(masterPWInfoFileContains("validPassword"));
        Assert.assertTrue(masterPWInfoFileContains("admin"));
        securityManager.reload();
    }

    @Test
    public void testMasterPasswordDump() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        File createTempFile = File.createTempFile("masterpw", "info");
        createTempFile.delete();
        try {
            Assert.assertFalse(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
            TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("admin", GeoServerBasicAuthenticationFilterTest.PASSWORD, Arrays.asList(GeoServerRole.ADMIN_ROLE));
            testingAuthenticationToken.setAuthenticated(true);
            SecurityContextHolder.getContext().setAuthentication(testingAuthenticationToken);
            Assert.assertTrue(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
            dumpPWInfoFile(createTempFile);
            Assert.assertTrue(masterPWInfoFileContains(createTempFile, new String(securityManager.getMasterPassword())));
        } finally {
            createTempFile.delete();
        }
    }

    @Test
    public void testMasterPasswordDumpNotAuthorized() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        File createTempFile = File.createTempFile("masterpw", "info");
        try {
            Assert.assertFalse(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
            TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("admin", GeoServerBasicAuthenticationFilterTest.PASSWORD, Arrays.asList(GeoServerRole.ADMIN_ROLE));
            testingAuthenticationToken.setAuthenticated(true);
            SecurityContextHolder.getContext().setAuthentication(testingAuthenticationToken);
            Assert.assertFalse(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
        } finally {
            createTempFile.delete();
        }
    }

    @Test
    public void testMasterPasswordDumpNotOverwrite() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        File createTempFile = File.createTempFile("masterpw", "info");
        Throwable th = null;
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
            try {
                fileOutputStream.write("This should not be overwritten!".getBytes(StandardCharsets.UTF_8));
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                try {
                    Assert.assertFalse(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
                    TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("admin", GeoServerBasicAuthenticationFilterTest.PASSWORD, Arrays.asList(GeoServerRole.ADMIN_ROLE));
                    testingAuthenticationToken.setAuthenticated(true);
                    SecurityContextHolder.getContext().setAuthentication(testingAuthenticationToken);
                    Assert.assertFalse(securityManager.dumpMasterPassword(Files.asResource(createTempFile)));
                    dumpPWInfoFile(createTempFile);
                    Assert.assertTrue(masterPWInfoFileContains(createTempFile, "This should not be overwritten!"));
                    Assert.assertFalse(masterPWInfoFileContains(createTempFile, new String(securityManager.getMasterPassword())));
                } finally {
                    createTempFile.delete();
                }
            } catch (Throwable th2) {
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    void dumpPWInfoFile(File file) throws Exception {
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                bufferedReader.close();
                return;
            }
            System.out.println(readLine);
        }
    }

    void dumpPWInfoFile() throws Exception {
        dumpPWInfoFile(new File(getSecurityManager().get("security").dir(), "masterpw.info"));
    }

    boolean masterPWInfoFileContains(File file, String str) throws Exception {
        String readLine;
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        do {
            readLine = bufferedReader.readLine();
            if (readLine == null) {
                bufferedReader.close();
                return false;
            }
        } while (readLine.indexOf(str) == -1);
        bufferedReader.close();
        return true;
    }

    boolean masterPWInfoFileContains(String str) throws Exception {
        return masterPWInfoFileContains(new File(getSecurityManager().get("security").dir(), "masterpw.info"), str);
    }

    @Test
    public void testWebLoginChainSessionCreation() throws Exception {
        Assert.assertTrue(getSecurityManager().loadSecurityConfig().getFilterChain().getRequestChainByName("webLogin").isAllowSessionCreation());
    }

    @Test
    public void testGeoServerEnvParametrization() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        SecurityManagerConfig loadSecurityConfig = securityManager.loadSecurityConfig();
        String roleServiceName = loadSecurityConfig.getRoleServiceName();
        try {
            if (GeoServerEnvironment.ALLOW_ENV_PARAMETRIZATION) {
                System.setProperty("TEST_SYS_PROPERTY", roleServiceName);
                loadSecurityConfig.setRoleServiceName("${TEST_SYS_PROPERTY}");
                securityManager.saveSecurityConfig(loadSecurityConfig);
                Assert.assertEquals(securityManager.loadSecurityConfig().getRoleServiceName(), roleServiceName);
            }
        } finally {
            loadSecurityConfig.setRoleServiceName(roleServiceName);
            securityManager.saveSecurityConfig(loadSecurityConfig);
            System.clearProperty("TEST_SYS_PROPERTY");
        }
    }
}
