package org.geoserver.security.password;

import java.io.File;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.security.GeoServerSecurityTestSupport;
import org.geoserver.security.auth.GeoServerRootAuthenticationProvider;
import org.geoserver.security.validation.MasterPasswordChangeException;
import org.geoserver.test.SystemTest;
import org.geotools.data.DataUtilities;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/password/MasterPasswordChangeTest.class */
public class MasterPasswordChangeTest extends GeoServerSecurityTestSupport {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.test.GeoServerSystemTestSupport
    public void setUpSpring(List<String> list) {
        super.setUpSpring(list);
        list.add(getClass().getResource(getClass().getSimpleName() + "-context.xml").toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.test.GeoServerSystemTestSupport
    public void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        applicationContext.getBeanFactory().registerSingleton("testMasterPasswordProvider", new TestMasterPasswordProvider());
    }

    @Test
    public void testMasterPasswordChange() throws Exception {
        String masterPassword = getMasterPassword();
        MasterPasswordConfig masterPasswordConfig = getSecurityManager().getMasterPasswordConfig();
        Assert.assertTrue(getSecurityManager().loadMasterPassswordProviderConfig(masterPasswordConfig.getProviderName()).getURL().toString().endsWith("passwd"));
        getSecurityManager().getKeyStoreProvider().reloadKeyStore();
        try {
            getSecurityManager().saveMasterPasswordConfig(masterPasswordConfig, (char[]) null, (char[]) null, (char[]) null);
            Assert.fail();
        } catch (MasterPasswordChangeException e) {
        }
        URLMasterPasswordProviderConfig uRLMasterPasswordProviderConfig = new URLMasterPasswordProviderConfig();
        uRLMasterPasswordProviderConfig.setName("rw");
        uRLMasterPasswordProviderConfig.setClassName(URLMasterPasswordProvider.class.getCanonicalName());
        uRLMasterPasswordProviderConfig.setReadOnly(false);
        uRLMasterPasswordProviderConfig.setURL(DataUtilities.fileToURL(new File(getSecurityManager().get("security").dir(), "mpw1.properties")));
        getSecurityManager().saveMasterPasswordProviderConfig(uRLMasterPasswordProviderConfig);
        MasterPasswordConfig masterPasswordConfig2 = getSecurityManager().getMasterPasswordConfig();
        masterPasswordConfig2.setProviderName(uRLMasterPasswordProviderConfig.getName());
        getSecurityManager().saveMasterPasswordConfig(masterPasswordConfig2, masterPassword.toCharArray(), "geoserver1".toCharArray(), "geoserver1".toCharArray());
        Assert.assertEquals("geoserver1", getMasterPassword());
        getSecurityManager().getKeyStoreProvider().getConfigPasswordKey();
        URLMasterPasswordProviderConfig uRLMasterPasswordProviderConfig2 = new URLMasterPasswordProviderConfig();
        uRLMasterPasswordProviderConfig2.setName("ro");
        uRLMasterPasswordProviderConfig2.setClassName(URLMasterPasswordProvider.class.getCanonicalName());
        uRLMasterPasswordProviderConfig2.setReadOnly(true);
        File file = new File(getSecurityManager().get("security").dir(), "mpw2.properties");
        uRLMasterPasswordProviderConfig2.setURL(DataUtilities.fileToURL(file));
        FileUtils.writeStringToFile(file, "geoserver2");
        getSecurityManager().saveMasterPasswordProviderConfig(uRLMasterPasswordProviderConfig2);
        MasterPasswordConfig masterPasswordConfig3 = getSecurityManager().getMasterPasswordConfig();
        masterPasswordConfig3.setProviderName("ro");
        getSecurityManager().saveMasterPasswordConfig(masterPasswordConfig3, "geoserver1".toCharArray(), (char[]) null, "geoserver2".toCharArray());
        Assert.assertEquals("geoserver2", getMasterPassword());
        getSecurityManager().getKeyStoreProvider().getConfigPasswordKey();
        MasterPasswordProviderConfig masterPasswordProviderConfig = new MasterPasswordProviderConfig();
        masterPasswordProviderConfig.setName("test");
        masterPasswordProviderConfig.setClassName(TestMasterPasswordProvider.class.getCanonicalName());
        getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordProviderConfig);
        MasterPasswordConfig masterPasswordConfig4 = getSecurityManager().getMasterPasswordConfig();
        masterPasswordConfig4.setProviderName("test");
        getSecurityManager().saveMasterPasswordConfig(masterPasswordConfig4, "geoserver2".toCharArray(), "geoserver3".toCharArray(), "geoserver3".toCharArray());
        getSecurityManager().getKeyStoreProvider().commitMasterPasswordChange();
        Assert.assertEquals("geoserver3", getMasterPassword());
        getSecurityManager().getKeyStoreProvider().getConfigPasswordKey();
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("root", "geoserver3");
        GeoServerRootAuthenticationProvider geoServerRootAuthenticationProvider = new GeoServerRootAuthenticationProvider();
        geoServerRootAuthenticationProvider.setSecurityManager(getSecurityManager());
        Assert.assertTrue(geoServerRootAuthenticationProvider.authenticate(usernamePasswordAuthenticationToken).isAuthenticated());
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken("root", "abcdefghijk");
        Assert.assertNull(geoServerRootAuthenticationProvider.authenticate(usernamePasswordAuthenticationToken2));
        Assert.assertFalse(usernamePasswordAuthenticationToken2.isAuthenticated());
    }
}
