package org.geoserver.security.auth;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AbstractSecurityServiceTest;
import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerRoleStore;
import org.geoserver.security.GeoServerSecurityFilterChain;
import org.geoserver.security.GeoServerSecurityFilterChainProxy;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.GeoServerUserGroupStore;
import org.geoserver.security.HtmlLoginFilterChain;
import org.geoserver.security.RequestFilterChain;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationProviderConfig;
import org.geoserver.security.config.impl.MemoryRoleServiceConfigImpl;
import org.geoserver.security.config.impl.MemoryUserGroupServiceConfigImpl;
import org.geoserver.security.impl.DigestAuthUtils;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.MemoryRoleService;
import org.geoserver.security.impl.MemoryUserGroupService;
import org.junit.Assert;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/geoserver/security/auth/AbstractAuthenticationProviderTest.class */
/**
 * Shared fixture for authentication-provider and filter-chain tests.
 *
 * <p>It builds an in-memory role service and user/group service, registers a
 * username/password authentication provider on top of them, and offers helpers
 * for editing the security filter chain, for answering an HTTP Digest challenge
 * and for attaching a client certificate to a mock request.
 *
 * <p>All credentials in this class are hard-coded fixtures for the in-memory
 * services created by {@link #createServices()}. The certificate produced by
 * {@link #setCertifacteForUser(String, MockHttpServletRequest)} performs no
 * validation at all, so tests built on it cover subject-name handling only.
 */
public abstract class AbstractAuthenticationProviderTest extends AbstractSecurityServiceTest {
    /** User name of the primary fixture account. */
    public static final String testUserName = "user1";
    /** Plain-text password of the primary fixture account (test data only). */
    public static final String testPassword = "pw1";
    /** Name of the parent role created by {@link #createServices()}. */
    public static final String rootRole = "RootRole";
    /** Name of the child role; its parent is {@link #rootRole}. */
    public static final String derivedRole = "DerivedRole";
    /** Filter-chain pattern used by the anonymous-filter helpers; subclasses may reassign it. */
    protected String pattern = "/foo/**";
    /** Name under which the fixture authentication provider is saved. */
    public static final String testProviderName = "testAuthenticationProvider";

    /**
     * Runs the superclass set-up and then creates the security services.
     *
     * <p>Overrides the hook from {@code org.geoserver.test.GeoServerSystemTestSupport}.
     * The decompiler reported that the access modifier was changed from
     * {@code protected}; it is left {@code public} here.
     *
     * @param systemTestData test data handed on to the superclass
     * @throws Exception if the superclass set-up or {@link #createServices()} fails
     */
    @Override
    public void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        createServices();
    }

    /**
     * Appends this class's Spring context file to the list of context locations.
     *
     * <p>The file is looked up as a class-path resource named after this class's
     * simple name plus {@code -context.xml}. Overrides the hook from
     * {@code org.geoserver.test.GeoServerSystemTestSupport}; the decompiler reported
     * that the access modifier was changed from {@code protected}.
     *
     * @param list mutable list of Spring context locations
     */
    @Override
    public void setUpSpring(List<String> list) {
        super.setUpSpring(list);
        Class<?> anchor = AbstractAuthenticationProviderTest.class;
        String contextFile = anchor.getSimpleName() + "-context.xml";
        // getResource returns null when the file is missing, which fails here with a NullPointerException.
        list.add(anchor.getResource(contextFile).toString());
    }

    /**
     * Returns the security manager's authentication cache, cast to the testing implementation.
     *
     * @return the authentication cache as a {@code TestingAuthenticationCache}
     */
    protected TestingAuthenticationCache getCache() {
        Object cache = getSecurityManager().getAuthenticationCache();
        return (TestingAuthenticationCache) cache;
    }

    /**
     * Creates the role service {@code rs1}, the user/group service {@code ug1} and
     * the fixture authentication provider, then makes that provider the only active one.
     *
     * <p>Roles: {@link #rootRole} and {@link #derivedRole} (child of the root role);
     * the derived role is associated with {@link #testUserName} and {@code castest}.
     * Users: {@link #testUserName}, {@code abc@xyz.com} and {@code castest}, all enabled,
     * each with a fixed test password.
     *
     * @throws Exception if any service cannot be created, stored or loaded
     */
    protected void createServices() throws Exception {
        // Role hierarchy: derived -> root, with the derived role handed to two fixture users.
        GeoServerRoleStore roleStore = createRoleService("rs1").createStore();
        GeoServerRole parent = roleStore.createRoleObject(rootRole);
        roleStore.addRole(parent);
        GeoServerRole child = roleStore.createRoleObject(derivedRole);
        roleStore.addRole(child);
        roleStore.setParentRole(child, parent);
        roleStore.associateRoleToUser(child, testUserName);
        roleStore.associateRoleToUser(child, "castest");
        roleStore.store();

        // Make rs1 the role service named in the saved security configuration.
        SecurityManagerConfig managerConfig = getSecurityManager().loadSecurityConfig();
        managerConfig.setRoleServiceName("rs1");
        getSecurityManager().saveSecurityConfig(managerConfig);

        // Fixture accounts; the passwords are test data and must never be reused outside tests.
        GeoServerUserGroupService userGroupService = createUserGroupService("ug1");
        GeoServerUserGroupStore userStore = userGroupService.createStore();
        userStore.addUser(userStore.createUserObject(testUserName, testPassword, true));
        userStore.addUser(userStore.createUserObject("abc@xyz.com", "abc", true));
        userStore.addUser(userStore.createUserObject("castest", "castest", true));
        userStore.store();

        GeoServerAuthenticationProvider provider =
                createAuthProvider(testProviderName, userGroupService.getName());
        prepareAuthProviders(provider.getName());
    }

    /**
     * Adds the {@code anonymous} filter name to the chain matching {@link #pattern}
     * and saves the configuration.
     *
     * @throws Exception if the configuration cannot be loaded or saved
     */
    protected void insertAnonymousFilter() throws Exception {
        SecurityManagerConfig managerConfig = getSecurityManager().loadSecurityConfig();
        RequestFilterChain chain = managerConfig.getFilterChain().find(this.pattern);
        chain.getFilterNames().add("anonymous");
        getSecurityManager().saveSecurityConfig(managerConfig);
    }

    /**
     * Removes the {@code anonymous} filter name from the chain matching {@link #pattern}
     * and saves the configuration.
     *
     * @throws Exception if the configuration cannot be loaded or saved
     */
    protected void removeAnonymousFilter() throws Exception {
        SecurityManagerConfig managerConfig = getSecurityManager().loadSecurityConfig();
        RequestFilterChain chain = managerConfig.getFilterChain().find(this.pattern);
        chain.getFilterNames().remove("anonymous");
        getSecurityManager().saveSecurityConfig(managerConfig);
    }

    /**
     * Saves a username/password authentication provider configuration and loads the provider.
     *
     * @param str name of the authentication provider
     * @param str2 name of the user/group service the provider authenticates against
     * @return the provider loaded back from the security manager under {@code str}
     * @throws Exception if saving or loading fails
     */
    public GeoServerAuthenticationProvider createAuthProvider(String str, String str2) throws Exception {
        UsernamePasswordAuthenticationProviderConfig providerConfig =
                new UsernamePasswordAuthenticationProviderConfig();
        providerConfig.setClassName(UsernamePasswordAuthenticationProvider.class.getName());
        providerConfig.setUserGroupServiceName(str2);
        providerConfig.setName(str);
        getSecurityManager().saveAuthenticationProvider(providerConfig);
        return getSecurityManager().loadAuthenticationProvider(str);
    }

    /**
     * Saves an in-memory role service configuration and loads the resulting service.
     *
     * <p>Overrides {@code org.geoserver.security.AbstractSecurityServiceTest}.
     *
     * @param str name of the role service
     * @return the role service loaded under that name
     * @throws Exception if saving or loading fails
     */
    @Override
    public GeoServerRoleService createRoleService(String str) throws Exception {
        MemoryRoleServiceConfigImpl roleConfig = getRoleConfig(str);
        getSecurityManager().saveRoleService(roleConfig);
        return getSecurityManager().loadRoleService(str);
    }

    /**
     * Builds the configuration for an in-memory role service.
     *
     * @param str name of the role service
     * @return a configuration naming {@link MemoryRoleService} as implementation, with the
     *     to-be-encrypted field set to the placeholder {@code encryptme}
     */
    public MemoryRoleServiceConfigImpl getRoleConfig(String str) {
        MemoryRoleServiceConfigImpl roleConfig = new MemoryRoleServiceConfigImpl();
        roleConfig.setName(str);
        roleConfig.setClassName(MemoryRoleService.class.getName());
        roleConfig.setToBeEncrypted("encryptme");
        return roleConfig;
    }

    /**
     * Creates an in-memory user/group service that uses the PBE password encoder.
     *
     * <p>Overrides {@code org.geoserver.security.AbstractSecurityServiceTest}.
     *
     * @param str name of the user/group service
     * @return the user/group service loaded under that name
     * @throws Exception if saving or loading fails
     */
    @Override
    public GeoServerUserGroupService createUserGroupService(String str) throws Exception {
        String encoderName = getPBEPasswordEncoder().getName();
        return createUserGroupService(str, encoderName);
    }

    /**
     * Saves an in-memory user/group service configuration and loads the resulting service.
     *
     * @param str name of the user/group service
     * @param str2 name of the password encoder the service should use
     * @return the user/group service loaded under {@code str}
     * @throws Exception if saving or loading fails
     */
    public GeoServerUserGroupService createUserGroupService(String str, String str2) throws Exception {
        MemoryUserGroupServiceConfigImpl userGroupConfig = getUserGroupConfg(str, str2);
        getSecurityManager().saveUserGroupService(userGroupConfig);
        return getSecurityManager().loadUserGroupService(str);
    }

    /**
     * Builds the configuration for an in-memory user/group service.
     *
     * @param str name of the user/group service
     * @param str2 name of the password encoder
     * @return a configuration naming {@link MemoryUserGroupService} as implementation, using
     *     the password policy {@code default} and the placeholder {@code encryptme} for the
     *     to-be-encrypted field
     */
    public MemoryUserGroupServiceConfigImpl getUserGroupConfg(String str, String str2) {
        MemoryUserGroupServiceConfigImpl userGroupConfig = new MemoryUserGroupServiceConfigImpl();
        userGroupConfig.setName(str);
        userGroupConfig.setClassName(MemoryUserGroupService.class.getName());
        userGroupConfig.setPasswordEncoderName(str2);
        userGroupConfig.setPasswordPolicyName("default");
        userGroupConfig.setToBeEncrypted("encryptme");
        return userGroupConfig;
    }

    /**
     * Asserts that the authentication carries {@code GeoServerRole.AUTHENTICATED_ROLE}.
     *
     * @param authentication the authentication whose authorities are inspected
     */
    public void checkForAuthenticatedRole(Authentication authentication) {
        boolean hasAuthenticatedRole =
                authentication.getAuthorities().contains(GeoServerRole.AUTHENTICATED_ROLE);
        Assert.assertTrue(hasAuthenticatedRole);
    }

    /**
     * Replaces the configured authentication provider names with the given ones and saves.
     *
     * @param strArr provider names, in the order they are to be added
     * @throws Exception if the configuration cannot be saved
     */
    protected void prepareAuthProviders(String... strArr) throws Exception {
        SecurityManagerConfig managerConfig = getSecurityManager().getSecurityConfig();
        // Drop whatever was configured before so that only the requested providers remain.
        managerConfig.getAuthProviderNames().clear();
        for (String providerName : strArr) {
            managerConfig.getAuthProviderNames().add(providerName);
        }
        getSecurityManager().saveSecurityConfig(managerConfig);
    }

    /**
     * Replaces the chain for a pattern with a new HTML-login chain named {@code testChain}.
     *
     * <p>NOTE(review): {@code cls} is not read; an {@link HtmlLoginFilterChain} is always
     * created. Confirm whether callers expect the class argument to be honoured.
     *
     * @param cls requested chain class (unused here)
     * @param str URL pattern of the chain
     * @param strArr filter names for the new chain
     * @throws Exception if the configuration cannot be saved
     */
    protected void prepareFilterChain(Class<?> cls, String str, String... strArr) throws Exception {
        SecurityManagerConfig managerConfig = getSecurityManager().getSecurityConfig();
        GeoServerSecurityFilterChain chains = managerConfig.getFilterChain();
        chains.removeForPattern(str);

        HtmlLoginFilterChain testChain = new HtmlLoginFilterChain(new String[] {str});
        testChain.setName("testChain");
        testChain.setFilterNames(strArr);

        // Inserted two positions before the end of the list; presumably this keeps the
        // new chain ahead of trailing catch-all chains. Needs at least two existing chains.
        int insertAt = chains.getRequestChains().size() - 2;
        chains.getRequestChains().add(insertAt, testChain);
        getSecurityManager().saveSecurityConfig(managerConfig);
    }

    /**
     * Updates the disabled flag, session-creation flag and role filter of a chain and saves.
     *
     * @param str pattern used to find the chain
     * @param z value passed to {@code setDisabled}
     * @param z2 value passed to {@code setAllowSessionCreation}
     * @param str2 value passed to {@code setRoleFilterName}
     * @throws Exception if the configuration cannot be saved
     */
    protected void modifyChain(String str, boolean z, boolean z2, String str2) throws Exception {
        SecurityManagerConfig managerConfig = getSecurityManager().getSecurityConfig();
        RequestFilterChain chain = managerConfig.getFilterChain().find(str);
        chain.setDisabled(z);
        chain.setAllowSessionCreation(z2);
        chain.setRoleFilterName(str2);
        getSecurityManager().saveSecurityConfig(managerConfig);
    }

    /**
     * Convenience overload that requests an {@link HtmlLoginFilterChain}.
     *
     * @param str URL pattern of the chain
     * @param strArr filter names for the new chain
     * @throws Exception if the configuration cannot be saved
     */
    protected void prepareFilterChain(String str, String... strArr) throws Exception {
        prepareFilterChain(HtmlLoginFilterChain.class, str, strArr);
    }

    /**
     * Enables or disables a user in the named user/group service and stores the change.
     *
     * @param str name of the user/group service
     * @param str2 user name to look up
     * @param z new enabled state
     * @throws Exception if the service cannot be loaded or the store cannot be written
     */
    protected void updateUser(String str, String str2, boolean z) throws Exception {
        GeoServerUserGroupStore userStore =
                getSecurityManager().loadUserGroupService(str).createStore();
        GeoServerUser user = userStore.getUserByUsername(str2);
        user.setEnabled(z);
        userStore.updateUser(user);
        userStore.store();
    }

    /**
     * Looks up the security filter chain proxy bean.
     *
     * @return the {@link GeoServerSecurityFilterChainProxy} registered as an extension bean
     */
    protected GeoServerSecurityFilterChainProxy getProxy() {
        Object bean = GeoServerExtensions.bean(GeoServerSecurityFilterChainProxy.class);
        return (GeoServerSecurityFilterChainProxy) bean;
    }

    /**
     * Builds the client's {@code Digest} authorization value in answer to a server challenge.
     *
     * <p>The realm, qop and nonce are read from the challenge; the request URI, nonce count,
     * client nonce and opaque value are fixed constants, which is acceptable only because
     * this is test code.
     *
     * @param str challenge value; its first seven characters are skipped (the length of
     *     {@code "Digest "}, presumably the scheme prefix) before the parameters are parsed
     * @param str2 user name
     * @param str3 passed as the fourth argument of {@code DigestAuthUtils.generateDigest},
     *     presumably the password (confirm against that method's signature)
     * @param str4 passed as the fifth argument of {@code DigestAuthUtils.generateDigest},
     *     presumably the HTTP method (confirm against that method's signature)
     * @return the formatted authorization value
     */
    protected String clientDigestString(String str, String str2, String str3, String str4) {
        final String uri = "/foo/bar";
        final String nonceCount = "00000001";
        final String clientNonce = "0a4f113b";
        final String opaque = "5ccc069c403ebaf9f0171e9517f40e41";

        Map<?, ?> challenge = DigestAuthUtils.splitEachArrayElementAndCreateMap(
                DigestAuthUtils.splitIgnoringQuotes(str.substring(7), ','), "=", "\"");
        String realm = (String) challenge.get("realm");
        String qop = (String) challenge.get("qop");
        String nonce = (String) challenge.get("nonce");

        String response = DigestAuthUtils.generateDigest(
                false, str2, realm, str3, str4, uri, qop, nonce, nonceCount, clientNonce);

        String template = "Digest username=\"{0}\",realm=\"{1}\",nonce=\"{2}\",uri=\"{3}\""
                + ",qop=\"{4}\",nc=\"{5}\""
                + ",cnonce=\"{6}\",response=\"{7}\""
                + ",opaque=\"{8}\"";
        return MessageFormat.format(
                template, str2, realm, nonce, uri, qop, nonceCount, clientNonce, response, opaque);
    }

    /**
     * Attaches a one-element client certificate array to the request under the
     * {@code javax.servlet.request.X509Certificate} attribute.
     *
     * <p>The certificate is a stub whose subject DN is {@code cn=<str>,ou=ou1}. It validates
     * nothing: both {@code checkValidity} overloads and both {@code verify} overloads are
     * empty, and every other accessor returns {@code null}, {@code 0} or {@code false}.
     * Tests using it exercise only how the subject DN is interpreted; expiry, signature and
     * trust-chain handling need a real certificate to be covered.
     *
     * @param str common name placed in the subject DN
     * @param mockHttpServletRequest request that receives the certificate attribute
     */
    protected void setCertifacteForUser(final String str, MockHttpServletRequest mockHttpServletRequest) {
        X509Certificate[] clientChain = new X509Certificate[] {stubCertificateFor(str)};
        mockHttpServletRequest.setAttribute("javax.servlet.request.X509Certificate", clientChain);
    }

    /**
     * Creates the non-validating certificate stub used by
     * {@link #setCertifacteForUser(String, MockHttpServletRequest)}.
     */
    private static X509Certificate stubCertificateFor(final String commonName) {
        final String subjectName = "cn=" + commonName + ",ou=ou1";
        return new X509Certificate() {
            // --- the only meaningful member: the subject DN ---

            @Override
            public Principal getSubjectDN() {
                return new Principal() {
                    @Override
                    public String getName() {
                        return subjectName;
                    }
                };
            }

            // --- validation hooks: deliberately empty, nothing is ever rejected ---

            @Override
            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
            }

            @Override
            public void checkValidity(Date when) throws CertificateExpiredException, CertificateNotYetValidException {
            }

            @Override
            public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            @Override
            public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
            }

            // --- remaining X509Certificate accessors: placeholder values only ---

            @Override
            public Principal getIssuerDN() {
                return null;
            }

            @Override
            public BigInteger getSerialNumber() {
                return null;
            }

            @Override
            public int getVersion() {
                return 0;
            }

            @Override
            public Date getNotBefore() {
                return null;
            }

            @Override
            public Date getNotAfter() {
                return null;
            }

            @Override
            public int getBasicConstraints() {
                return 0;
            }

            @Override
            public boolean[] getKeyUsage() {
                return null;
            }

            @Override
            public boolean[] getIssuerUniqueID() {
                return null;
            }

            @Override
            public boolean[] getSubjectUniqueID() {
                return null;
            }

            @Override
            public String getSigAlgName() {
                return null;
            }

            @Override
            public String getSigAlgOID() {
                return null;
            }

            @Override
            public byte[] getSigAlgParams() {
                return null;
            }

            @Override
            public byte[] getSignature() {
                return null;
            }

            @Override
            public byte[] getTBSCertificate() throws CertificateEncodingException {
                return null;
            }

            // --- X509Extension ---

            @Override
            public Set<String> getCriticalExtensionOIDs() {
                return null;
            }

            @Override
            public Set<String> getNonCriticalExtensionOIDs() {
                return null;
            }

            @Override
            public byte[] getExtensionValue(String oid) {
                return null;
            }

            @Override
            public boolean hasUnsupportedCriticalExtension() {
                return false;
            }

            // --- java.security.cert.Certificate ---

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return null;
            }

            @Override
            public PublicKey getPublicKey() {
                return null;
            }

            @Override
            public String toString() {
                return null;
            }
        };
    }
}
