package org.geoserver.security;

import java.io.IOException;
import java.util.Collections;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.impl.GroupAdminProperty;
import org.geoserver.security.xml.XMLRoleService;
import org.geoserver.security.xml.XMLRoleServiceConfig;
import org.geoserver.security.xml.XMLUserGroupService;
import org.geoserver.security.xml.XMLUserGroupServiceConfig;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/geoserver/security/GroupAdminServiceTest.class */
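/**
 * Verifies the restricted view of the role and user/group services that the security manager
 * hands out while a group administrator is authenticated.
 *
 * <p>Fixture built in {@link #setUpInternal()}:
 *
 * <ul>
 *   <li>users {@code bob} and {@code alice}; {@code bob} carries a {@link GroupAdminProperty}
 *       naming the single group {@code users};
 *   <li>groups {@code users} and {@code admins};
 *   <li>roles {@code adminRole} and {@code groupAdminRole}, the latter associated with
 *       {@code bob}.
 * </ul>
 *
 * <p>Each test compares what is visible or permitted before and after {@link #setAuth()}. The
 * "before" assertions only hold if no authentication is left in the security context by an
 * earlier test, which is why {@link #tearDownInternal()} must always clear it.
 */
public class GroupAdminServiceTest extends AbstractSecurityServiceTest {
    // Store over the user/group service named "gaugs"; also used by tests to look the service up
    // by name.
    protected GeoServerUserGroupStore ugStore;
    // Store over the role service named "gars", which is installed as the active role service.
    protected GeoServerRoleStore roleStore;
    // The group administrator; its GroupAdminProperty is set to {"users"}.
    GeoServerUser bob;
    // A plain user with no group admin property and no role association.
    GeoServerUser alice;
    // The group bob is declared to administer.
    GeoServerUserGroup users;
    // A group outside bob's GroupAdminProperty; the tests expect it to stay hidden from him.
    GeoServerUserGroup admins;

    /**
     * Creates the services, users, groups and roles described in the class comment and persists
     * both stores.
     *
     * <p>Decompiler note: the original source declared this method {@code protected}.
     *
     * @throws Exception if any service or store operation fails
     */
    @Override // org.geoserver.test.OneTimeSetupTest
    public void setUpInternal() throws Exception {
        super.setUpInternal();
        GeoServerUserGroupService userGroupService = createUserGroupService("gaugs");
        GeoServerRoleService roleService = createRoleService("gars");
        getSecurityManager().setActiveRoleService(roleService);

        this.ugStore = createStore(userGroupService);
        // "foobar" is a fixture password only; it never leaves the test data directory.
        this.bob = this.ugStore.createUserObject("bob", "foobar", true);
        // Restrict bob's administration scope to the "users" group.
        GroupAdminProperty.set(this.bob.getProperties(), new String[]{"users"});
        this.ugStore.addUser(this.bob);
        this.alice = this.ugStore.createUserObject("alice", "foobar", true);
        this.ugStore.addUser(this.alice);
        this.users = this.ugStore.createGroupObject("users", true);
        this.ugStore.addGroup(this.users);
        this.admins = this.ugStore.createGroupObject("admins", true);
        this.ugStore.addGroup(this.admins);
        this.ugStore.store();

        this.roleStore = createStore(roleService);
        this.roleStore.addRole(this.roleStore.createRoleObject("adminRole"));
        GeoServerRole groupAdminRole = this.roleStore.createRoleObject("groupAdminRole");
        this.roleStore.addRole(groupAdminRole);
        this.roleStore.associateRoleToUser(groupAdminRole, this.bob.getUsername());
        this.roleStore.store();
    }

    /**
     * Runs the inherited teardown and then drops the authentication installed by
     * {@link #setAuth()}.
     *
     * <p>The cleanup sits in a {@code finally} block so that a failure in the inherited teardown
     * cannot leave the group administrator authenticated for whatever runs next; a leftover
     * authentication would invalidate every "before setAuth()" assertion in this class.
     *
     * <p>Decompiler note: the original source declared this method {@code protected}.
     *
     * @throws Exception if the inherited teardown fails
     */
    @Override // org.geoserver.test.GeoServerAbstractTestSupport, org.geoserver.test.OneTimeSetupTest
    public void tearDownInternal() throws Exception {
        try {
            super.tearDownInternal();
        } finally {
            clearAuth();
        }
    }

    /**
     * Saves and loads an XML-backed role service whose admin role is {@code adminRole} and whose
     * group admin role is {@code groupAdminRole}.
     *
     * @param str name under which the role service is saved and then loaded
     * @return the role service loaded back from the security manager
     * @throws Exception if saving or loading the service fails
     */
    @Override // org.geoserver.security.AbstractSecurityServiceTest
    public GeoServerRoleService createRoleService(String str) throws Exception {
        XMLRoleServiceConfig config = new XMLRoleServiceConfig();
        config.setName(str);
        config.setAdminRoleName("adminRole");
        config.setGroupAdminRoleName("groupAdminRole");
        config.setClassName(XMLRoleService.class.getName());
        config.setCheckInterval(1000L);
        config.setFileName("roles.xml");
        getSecurityManager().saveRoleService(config);
        return getSecurityManager().loadRoleService(config.getName());
    }

    /**
     * Saves and loads an XML-backed user/group service that uses the digest password encoder and
     * the password policy named {@code default}.
     *
     * @param str name under which the user/group service is saved and then loaded
     * @return the user/group service loaded back from the security manager
     * @throws Exception if saving or loading the service fails
     */
    @Override // org.geoserver.security.AbstractSecurityServiceTest
    public GeoServerUserGroupService createUserGroupService(String str) throws Exception {
        XMLUserGroupServiceConfig config = new XMLUserGroupServiceConfig();
        config.setName(str);
        config.setClassName(XMLUserGroupService.class.getName());
        config.setFileName("users.xml");
        config.setCheckInterval(1000L);
        config.setPasswordEncoderName(getDigestPasswordEncoder().getName());
        config.setPasswordPolicyName("default");
        getSecurityManager().saveUserGroupService(config);
        return getSecurityManager().loadUserGroupService(str);
    }

    /**
     * Places bob in the current security context as a group administrator.
     *
     * <p>The token is built with the three-argument constructor, which yields an already
     * authenticated token, so no authentication provider or password check is exercised here.
     * The granted authority is the {@link GeoServerRole#GROUP_ADMIN_ROLE} constant, not the
     * {@code groupAdminRole} object created in the role store.
     */
    void setAuth() {
        Authentication groupAdminAuth =
                new UsernamePasswordAuthenticationToken(
                        this.bob,
                        this.bob.getPassword(),
                        Collections.singletonList(GeoServerRole.GROUP_ADMIN_ROLE));
        SecurityContextHolder.getContext().setAuthentication(groupAdminAuth);
    }

    /** Removes any authentication from the current security context. */
    void clearAuth() {
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
    }

    /**
     * The active role service is handed out unwrapped without authentication and as a
     * {@link GroupAdminRoleService} once the group administrator is authenticated.
     */
    public void testWrapRoleService() throws Exception {
        assertFalse(getSecurityManager().getActiveRoleService() instanceof GroupAdminRoleService);
        setAuth();
        assertTrue(getSecurityManager().getActiveRoleService() instanceof GroupAdminRoleService);
    }

    /**
     * The user/group service is handed out unwrapped without authentication and as a
     * {@link GroupAdminUserGroupService} once the group administrator is authenticated.
     */
    public void testWrapUserGroupService() throws Exception {
        assertFalse(
                getSecurityManager().loadUserGroupService(this.ugStore.getName())
                        instanceof GroupAdminUserGroupService);
        setAuth();
        assertTrue(
                getSecurityManager().loadUserGroupService(this.ugStore.getName())
                        instanceof GroupAdminUserGroupService);
    }

    /**
     * The administrator role must not be discoverable by a group administrator through any of the
     * three lookups: the role listing, {@code getAdminRole()} and lookup by name.
     */
    public void testHideAdminRole() throws Exception {
        GeoServerRoleService unrestricted = getSecurityManager().getActiveRoleService();
        GeoServerRole adminRole = unrestricted.createRoleObject("adminRole");
        assertTrue(unrestricted.getRoles().contains(adminRole));
        assertNotNull(unrestricted.getAdminRole());
        assertNotNull(unrestricted.getRoleByName("adminRole"));

        setAuth();
        // Re-fetch: the service has to be requested again after authentication changes.
        GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
        assertFalse(restricted.getRoles().contains(adminRole));
        assertNull(restricted.getAdminRole());
        assertNull(restricted.getRoleByName("adminRole"));
    }

    /**
     * A group administrator sees the group named in his {@link GroupAdminProperty}
     * ({@code users}) but not the other one ({@code admins}), both in the listing and in lookup
     * by name.
     */
    public void testHideGroups() throws Exception {
        GeoServerUserGroupService unrestricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        assertTrue(unrestricted.getUserGroups().contains(this.users));
        assertNotNull(unrestricted.getGroupByGroupname("users"));
        assertTrue(unrestricted.getUserGroups().contains(this.admins));
        assertNotNull(unrestricted.getGroupByGroupname("admins"));

        setAuth();
        GeoServerUserGroupService restricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        assertTrue(restricted.getUserGroups().contains(this.users));
        assertNotNull(restricted.getGroupByGroupname("users"));
        assertFalse(restricted.getUserGroups().contains(this.admins));
        assertNull(restricted.getGroupByGroupname("admins"));
    }

    /**
     * A group administrator gets a read-only role service: it reports that no store can be
     * created and {@code createStore()} returns {@code null}.
     */
    public void testRoleServiceReadOnly() throws Exception {
        setAuth();
        GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
        assertFalse(restricted.canCreateStore());
        assertNull(restricted.createStore());
    }

    /**
     * A group administrator may create a new user ({@code bill}) through the store of the
     * wrapped user/group service.
     *
     * <p>Also called by {@link #testAssignUserToGroup()} as a setup step; it leaves bob
     * authenticated.
     */
    public void testCreateNewUser() throws Exception {
        setAuth();
        GeoServerUserGroupService restricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        GeoServerUserGroupStore store = restricted.createStore();
        store.addUser(store.createUserObject("bill", "foobar", true));
        store.store();
        assertNotNull(restricted.getUserByUsername("bill"));
    }

    /**
     * A group administrator can add a user to the group he administers, while an attempt to add
     * the same user to {@code admins} leaves the user's memberships unchanged.
     *
     * <p>Note what is and is not asserted: the out-of-scope association is expected to have no
     * effect, not to raise an exception, and the second round of assertions reads the store
     * without an intervening {@code store()} call.
     */
    public void testAssignUserToGroup() throws Exception {
        testCreateNewUser();
        GeoServerUserGroupStore store =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        GeoServerUser bill = store.getUserByUsername("bill");

        store.associateUserToGroup(bill, this.users);
        store.store();
        assertEquals(1, store.getGroupsForUser(bill).size());
        assertTrue(store.getGroupsForUser(bill).contains(this.users));

        // Out of bob's scope: membership must still be exactly {users} afterwards.
        store.associateUserToGroup(bill, this.admins);
        assertEquals(1, store.getGroupsForUser(bill).size());
        assertTrue(store.getGroupsForUser(bill).contains(this.users));
        assertFalse(store.getGroupsForUser(bill).contains(this.admins));
    }

    /**
     * A group administrator can remove a user whose only group is the one he administers.
     */
    public void testRemoveUserInGroup() throws Exception {
        testAssignUserToGroup();
        GeoServerUserGroupStore store =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        store.removeUser(store.getUserByUsername("bill"));
        store.store();
        assertNull(store.getUserByUsername("bill"));
    }

    /**
     * A group administrator must not be able to remove a user who belongs to a group outside his
     * scope: {@code sally} is placed in {@code admins} before bob is authenticated, and bob's
     * {@code removeUser} call has to fail with an {@link IOException}.
     *
     * <p>NOTE(review): the fixture part assumes no authentication is present when the test
     * starts, so that the first store is the unrestricted one - confirm against the base class
     * lifecycle.
     */
    public void testRemoveUserNotInGroup() throws Exception {
        GeoServerUserGroupStore unrestrictedStore =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        GeoServerUser sally = unrestrictedStore.createUserObject("sally", "foobar", true);
        unrestrictedStore.addUser(sally);
        unrestrictedStore.associateUserToGroup(sally, this.admins);
        unrestrictedStore.store();

        setAuth();
        // Obtain the restricted store outside the try block so that an IOException raised while
        // loading the service or creating the store fails the test instead of satisfying it.
        GeoServerUserGroupStore restrictedStore =
                getSecurityManager()
                        .loadUserGroupService(unrestrictedStore.getName())
                        .createStore();
        try {
            restrictedStore.removeUser(sally);
            fail("group admin removed a user belonging to a group outside its scope");
        } catch (IOException expected) {
            // Expected: the restricted store refuses the removal.
        }
    }
}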
