package org.geoserver.security.validation;

import java.util.logging.Logger;
import org.geoserver.security.GeoServerSecurityTestSupport;
import org.geoserver.security.config.DigestAuthenticationFilterConfig;
import org.geoserver.security.config.ExceptionTranslationFilterConfig;
import org.geoserver.security.config.GeoServerRoleFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationFilterConfig;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RequestHeaderAuthenticationFilterConfig;
import org.geoserver.security.config.SecurityInterceptorFilterConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationFilterConfig;
import org.geoserver.security.config.X509CertificateAuthenticationFilterConfig;
import org.geoserver.security.filter.GeoServerDigestAuthenticationFilter;
import org.geoserver.security.filter.GeoServerExceptionTranslationFilter;
import org.geoserver.security.filter.GeoServerJ2eeAuthenticationFilter;
import org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter;
import org.geoserver.security.filter.GeoServerRoleFilter;
import org.geoserver.security.filter.GeoServerSecurityInterceptorFilter;
import org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter;
import org.geoserver.security.filter.GeoServerX509CertificateAuthenticationFilter;
import org.geoserver.security.xml.XMLRoleService;
import org.geoserver.security.xml.XMLUserGroupService;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:org/geoserver/security/validation/FilterConfigValidatorTest.class */
public class FilterConfigValidatorTest extends GeoServerSecurityTestSupport {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");

    public void testDigestConfigValidation() throws Exception {
        DigestAuthenticationFilterConfig digestAuthenticationFilterConfig = new DigestAuthenticationFilterConfig();
        digestAuthenticationFilterConfig.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        digestAuthenticationFilterConfig.setName("testDigest");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(digestAuthenticationFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("USER_GROUP_SERVICE_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        digestAuthenticationFilterConfig.setUserGroupServiceName("blabla");
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(digestAuthenticationFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("UNKNOWN_USER_GROUP_SERVICE", e2.getId());
            assertEquals(1, e2.getArgs().length);
            assertEquals("blabla", e2.getArgs()[0]);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
        digestAuthenticationFilterConfig.setUserGroupServiceName(XMLUserGroupService.DEFAULT_NAME);
        digestAuthenticationFilterConfig.setNonceValiditySeconds(-1);
        boolean z3 = false;
        try {
            getSecurityManager().saveFilter(digestAuthenticationFilterConfig);
        } catch (FilterConfigException e3) {
            assertEquals("INVALID_SECONDS", e3.getId());
            assertEquals(0, e3.getArgs().length);
            LOGGER.info(e3.getMessage());
            z3 = true;
        }
        assertTrue(z3);
        digestAuthenticationFilterConfig.setNonceValiditySeconds(100);
        getSecurityManager().saveFilter(digestAuthenticationFilterConfig);
    }

    public void testRoleFilterConfigValidation() throws Exception {
        GeoServerRoleFilterConfig geoServerRoleFilterConfig = new GeoServerRoleFilterConfig();
        geoServerRoleFilterConfig.setClassName(GeoServerRoleFilter.class.getName());
        geoServerRoleFilterConfig.setName("testRoleFilter");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(geoServerRoleFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("HEADER_ATTRIBUTE_NAME_REQUIRED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        geoServerRoleFilterConfig.setHttpResponseHeaderAttrForIncludedRoles("roles");
        geoServerRoleFilterConfig.setRoleConverterName("unknown");
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(geoServerRoleFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("UNKNOWN_ROLE_CONVERTER", e2.getId());
            assertEquals(1, e2.getArgs().length);
            assertEquals("unknown", e2.getArgs()[0]);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
        geoServerRoleFilterConfig.setRoleConverterName((String) null);
        getSecurityManager().saveFilter(geoServerRoleFilterConfig);
    }

    public void testSecurityInterceptorFilterConfigValidation() throws Exception {
        SecurityInterceptorFilterConfig securityInterceptorFilterConfig = new SecurityInterceptorFilterConfig();
        securityInterceptorFilterConfig.setClassName(GeoServerSecurityInterceptorFilter.class.getName());
        securityInterceptorFilterConfig.setName("testInterceptFilter");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(securityInterceptorFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("SECURITY_METADATA_SOURCE_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        securityInterceptorFilterConfig.setSecurityMetadataSource("unknown");
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(securityInterceptorFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("UNKNOWN_SECURITY_METADATA_SOURCE", e2.getId());
            assertEquals(1, e2.getArgs().length);
            assertEquals("unknown", e2.getArgs()[0]);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
    }

    public void testX509FilterConfigValidation() throws Exception {
        X509CertificateAuthenticationFilterConfig x509CertificateAuthenticationFilterConfig = new X509CertificateAuthenticationFilterConfig();
        x509CertificateAuthenticationFilterConfig.setClassName(GeoServerX509CertificateAuthenticationFilter.class.getName());
        x509CertificateAuthenticationFilterConfig.setName("testX509");
        check(x509CertificateAuthenticationFilterConfig);
    }

    public void testUsernamePasswordFilterConfigValidation() throws Exception {
        UsernamePasswordAuthenticationFilterConfig usernamePasswordAuthenticationFilterConfig = new UsernamePasswordAuthenticationFilterConfig();
        usernamePasswordAuthenticationFilterConfig.setClassName(GeoServerUserNamePasswordAuthenticationFilter.class.getName());
        usernamePasswordAuthenticationFilterConfig.setName("testUsernamePassword");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(usernamePasswordAuthenticationFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("USER_PARAMETER_NAME_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        usernamePasswordAuthenticationFilterConfig.setUsernameParameterName("user");
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(usernamePasswordAuthenticationFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("PASSWORD_PARAMETER_NAME_NEEDED", e2.getId());
            assertEquals(0, e2.getArgs().length);
            LOGGER.info(e2.getMessage());
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
        usernamePasswordAuthenticationFilterConfig.setPasswordParameterName("password");
        getSecurityManager().saveFilter(usernamePasswordAuthenticationFilterConfig);
    }

    public void testJ2eeFilterConfigValidation() throws Exception {
        J2eeAuthenticationFilterConfig j2eeAuthenticationFilterConfig = new J2eeAuthenticationFilterConfig();
        j2eeAuthenticationFilterConfig.setClassName(GeoServerJ2eeAuthenticationFilter.class.getName());
        j2eeAuthenticationFilterConfig.setName("testJ2ee");
        j2eeAuthenticationFilterConfig.setRoleServiceName("blabla");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(j2eeAuthenticationFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("UNKNOWN_ROLE_SERVICE", e.getId());
            assertEquals(1, e.getArgs().length);
            assertEquals("blabla", e.getArgs()[0]);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        j2eeAuthenticationFilterConfig.setRoleServiceName(XMLRoleService.DEFAULT_NAME);
        getSecurityManager().saveFilter(j2eeAuthenticationFilterConfig);
    }

    public void testExceptionTranslationFilterConfigValidation() throws Exception {
        ExceptionTranslationFilterConfig exceptionTranslationFilterConfig = new ExceptionTranslationFilterConfig();
        exceptionTranslationFilterConfig.setClassName(GeoServerExceptionTranslationFilter.class.getName());
        exceptionTranslationFilterConfig.setName("testEx");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(exceptionTranslationFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("ACCESS_DENIED_PAGE_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        exceptionTranslationFilterConfig.setAccessDeniedErrorPage("blabla");
        exceptionTranslationFilterConfig.setAuthenticationFilterName("unknown");
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(exceptionTranslationFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("ACCESS_DENIED_PAGE_PREFIX", e2.getId());
            assertEquals(0, e2.getArgs().length);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
        exceptionTranslationFilterConfig.setAccessDeniedErrorPage("/denied.jsp");
        exceptionTranslationFilterConfig.setAuthenticationFilterName("unknown");
        boolean z3 = false;
        try {
            getSecurityManager().saveFilter(exceptionTranslationFilterConfig);
        } catch (FilterConfigException e3) {
            assertEquals("INVALID_ENTRY_POINT", e3.getId());
            assertEquals(1, e3.getArgs().length);
            assertEquals("unknown", e3.getArgs()[0]);
            LOGGER.info(e3.getMessage());
            z3 = true;
        }
        assertTrue(z3);
        exceptionTranslationFilterConfig.setAuthenticationFilterName("interceptor");
        boolean z4 = false;
        try {
            getSecurityManager().saveFilter(exceptionTranslationFilterConfig);
        } catch (FilterConfigException e4) {
            assertEquals("NO_AUTH_ENTRY_POINT", e4.getId());
            assertEquals(1, e4.getArgs().length);
            assertEquals("interceptor", e4.getArgs()[0]);
            LOGGER.info(e4.getMessage());
            z4 = true;
        }
        assertTrue(z4);
        exceptionTranslationFilterConfig.setAuthenticationFilterName((String) null);
        getSecurityManager().saveFilter(exceptionTranslationFilterConfig);
    }

    public void check(PreAuthenticatedUserNameFilterConfig preAuthenticatedUserNameFilterConfig) throws Exception {
        boolean z = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("ROLE_SOURCE_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        preAuthenticatedUserNameFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.RoleSource.UserGroupService);
        boolean z2 = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e2) {
            assertEquals("USER_GROUP_SERVICE_NEEDED", e2.getId());
            assertEquals(0, e2.getArgs().length);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        assertTrue(z2);
        preAuthenticatedUserNameFilterConfig.setUserGroupServiceName("blabla");
        boolean z3 = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e3) {
            assertEquals("UNKNOWN_USER_GROUP_SERVICE", e3.getId());
            assertEquals(1, e3.getArgs().length);
            assertEquals("blabla", e3.getArgs()[0]);
            LOGGER.info(e3.getMessage());
            z3 = true;
        }
        assertTrue(z3);
        preAuthenticatedUserNameFilterConfig.setUserGroupServiceName(XMLUserGroupService.DEFAULT_NAME);
        preAuthenticatedUserNameFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.RoleSource.RoleService);
        preAuthenticatedUserNameFilterConfig.setRoleServiceName("blabla");
        boolean z4 = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e4) {
            assertEquals("UNKNOWN_ROLE_SERVICE", e4.getId());
            assertEquals(1, e4.getArgs().length);
            assertEquals("blabla", e4.getArgs()[0]);
            LOGGER.info(e4.getMessage());
            z4 = true;
        }
        assertTrue(z4);
        preAuthenticatedUserNameFilterConfig.setRoleServiceName(XMLRoleService.DEFAULT_NAME);
        preAuthenticatedUserNameFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.RoleSource.Header);
        boolean z5 = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e5) {
            assertEquals("ROLES_HEADER_ATTRIBUTE_NEEDED", e5.getId());
            assertEquals(0, e5.getArgs().length);
            LOGGER.info(e5.getMessage());
            z5 = true;
        }
        assertTrue(z5);
        preAuthenticatedUserNameFilterConfig.setRolesHeaderAttribute("roles");
        preAuthenticatedUserNameFilterConfig.setRoleConverterName("unknown");
        boolean z6 = false;
        try {
            getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
        } catch (FilterConfigException e6) {
            assertEquals("UNKNOWN_ROLE_CONVERTER", e6.getId());
            assertEquals(1, e6.getArgs().length);
            assertEquals("unknown", e6.getArgs()[0]);
            LOGGER.info(e6.getMessage());
            z6 = true;
        }
        assertTrue(z6);
        preAuthenticatedUserNameFilterConfig.setRoleConverterName((String) null);
        getSecurityManager().saveFilter(preAuthenticatedUserNameFilterConfig);
    }

    public void testRequestHeaderFilterConfigValidation() throws Exception {
        RequestHeaderAuthenticationFilterConfig requestHeaderAuthenticationFilterConfig = new RequestHeaderAuthenticationFilterConfig();
        requestHeaderAuthenticationFilterConfig.setClassName(GeoServerRequestHeaderAuthenticationFilter.class.getName());
        requestHeaderAuthenticationFilterConfig.setName("testRequestHeader");
        boolean z = false;
        try {
            getSecurityManager().saveFilter(requestHeaderAuthenticationFilterConfig);
        } catch (FilterConfigException e) {
            assertEquals("PRINCIPAL_HEADER_ATTRIBUTE_NEEDED", e.getId());
            assertEquals(0, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        assertTrue(z);
        requestHeaderAuthenticationFilterConfig.setPrincipalHeaderAttribute("user");
        check(requestHeaderAuthenticationFilterConfig);
    }
}
