package org.geoserver.rest.security;

import java.io.IOException;
import java.text.MessageFormat;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.security.password.MasterPasswordProviderConfig;
import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;

/* loaded from: input_file:org/geoserver/rest/security/MasterPasswordControllerTest.class */
public class MasterPasswordControllerTest extends SecurityRESTTestSupport {
    static final String MP_URI_JSON = "/rest/security/masterpw.json";
    static final String MP_URI_XML = "/rest/security/masterpw.xml";
    String xmlTemplate = "<masterPassword><oldMasterPassword>{0}</oldMasterPassword><newMasterPassword>{1}</newMasterPassword></masterPassword>";
    String jsonTemplate = "{\"oldMasterPassword\":\"%s\",\"newMasterPassword\":\"%s\"}";

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.rest.security.SecurityRESTTestSupport
    public void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        MasterPasswordProviderConfig loadMasterPassswordProviderConfig = getSecurityManager().loadMasterPassswordProviderConfig(getSecurityManager().getMasterPasswordConfig().getProviderName());
        loadMasterPassswordProviderConfig.setLoginEnabled(true);
        getSecurityManager().saveMasterPasswordProviderConfig(loadMasterPassswordProviderConfig);
    }

    @Test
    public void testGetAsXML() throws Exception {
        Document asDOM = getAsDOM(MP_URI_XML, 200);
        Assert.assertEquals("masterPassword", asDOM.getDocumentElement().getNodeName());
        Assert.assertEquals("geoserver", xp.evaluate("/masterPassword/oldMasterPassword", asDOM));
    }

    @Test
    public void testGetAsXMLNotAuthorized() throws Exception {
        logout();
        Assert.assertEquals(403L, getAsServletResponse(MP_URI_XML).getStatus());
    }

    @Test
    public void testGetAsJSON() throws Exception {
        Assert.assertEquals("geoserver", (String) getAsJSON(MP_URI_JSON).get("oldMasterPassword"));
    }

    @Test
    public void testUnallowedMethod() throws Exception {
        boolean z = false;
        try {
            getSecurityManager().getMasterPasswordForREST();
        } catch (IOException e) {
            z = true;
        }
        Assert.assertTrue(z);
    }

    @Test
    public void testPutUnauthorized() throws Exception {
        logout();
        Assert.assertEquals(405L, putAsServletResponse(MP_URI_XML, MessageFormat.format(this.xmlTemplate, "geoserver", "abc"), "text/xml").getStatus());
    }

    @Test
    public void testPutInvalidNewPassword() throws Exception {
        Assert.assertEquals(422L, putAsServletResponse(MP_URI_XML, MessageFormat.format(this.xmlTemplate, "geoserver", "abc"), "text/xml").getStatus());
    }

    @Test
    public void testPutInvalidCurrentPassword() throws Exception {
        Assert.assertEquals(422L, putAsServletResponse(MP_URI_XML, MessageFormat.format(this.xmlTemplate, "geoserverXY", "geoserver1"), "text/xml").getStatus());
    }

    @Test
    public void testPutAsXML() throws Exception {
        Assert.assertEquals(200L, putAsServletResponse(MP_URI_XML, MessageFormat.format(this.xmlTemplate, "geoserver", "geoserver1"), "text/xml").getStatus());
        Assert.assertTrue(getSecurityManager().checkMasterPassword("geoserver1"));
        Assert.assertEquals(200L, putAsServletResponse(MP_URI_XML, MessageFormat.format(this.xmlTemplate, "geoserver1", "geoserver"), "text/xml").getStatus());
        Assert.assertTrue(getSecurityManager().checkMasterPassword("geoserver"));
    }

    @Test
    public void testPutAsJSON() throws Exception {
        Assert.assertEquals(200L, putAsServletResponse(MP_URI_JSON, String.format(this.jsonTemplate, "geoserver", "geoserver1"), "text/json").getStatus());
        Assert.assertTrue(getSecurityManager().checkMasterPassword("geoserver1"));
        Assert.assertEquals(200L, putAsServletResponse(MP_URI_JSON, String.format(this.jsonTemplate, "geoserver1", "geoserver"), "text/json").getStatus());
        Assert.assertTrue(getSecurityManager().checkMasterPassword("geoserver"));
    }
}
