package org.geoserver.security.cas;

import java.util.logging.Logger;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.validation.FilterConfigException;
import org.geoserver.security.xml.XMLRoleService;
import org.geoserver.security.xml.XMLUserGroupService;
import org.geoserver.test.GeoServerMockTestSupport;
import org.geotools.util.logging.Logging;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/geoserver/security/cas/CasFilterConfigValidatorTest.class */
public class CasFilterConfigValidatorTest extends GeoServerMockTestSupport {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    CasFilterConfigValidator validator;

    @Before
    public void setValidator() {
        this.validator = new CasFilterConfigValidator(getSecurityManager());
    }

    @Test
    public void testCasFilterConfigValidation() throws Exception {
        CasAuthenticationFilterConfig casAuthenticationFilterConfig = new CasAuthenticationFilterConfig();
        casAuthenticationFilterConfig.setClassName(GeoServerCasAuthenticationFilter.class.getName());
        casAuthenticationFilterConfig.setName("testCAS");
        check(casAuthenticationFilterConfig);
        this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
    }

    public void check(CasAuthenticationFilterConfig casAuthenticationFilterConfig) throws Exception {
        boolean z = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e) {
            Assert.assertEquals("ROLE_SOURCE_NEEDED", e.getId());
            Assert.assertEquals(0L, e.getArgs().length);
            LOGGER.info(e.getMessage());
            z = true;
        }
        Assert.assertTrue(z);
        casAuthenticationFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService);
        boolean z2 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e2) {
            Assert.assertEquals("USER_GROUP_SERVICE_NEEDED", e2.getId());
            Assert.assertEquals(0L, e2.getArgs().length);
            LOGGER.info(e2.getMessage());
            z2 = true;
        }
        Assert.assertTrue(z2);
        casAuthenticationFilterConfig.setUserGroupServiceName("blabla");
        boolean z3 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e3) {
            Assert.assertEquals("UNKNOWN_USER_GROUP_SERVICE", e3.getId());
            Assert.assertEquals(1L, e3.getArgs().length);
            Assert.assertEquals("blabla", e3.getArgs()[0]);
            LOGGER.info(e3.getMessage());
            z3 = true;
        }
        Assert.assertTrue(z3);
        casAuthenticationFilterConfig.setUserGroupServiceName(XMLUserGroupService.DEFAULT_NAME);
        casAuthenticationFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService);
        casAuthenticationFilterConfig.setRoleServiceName("blabla");
        boolean z4 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e4) {
            Assert.assertEquals("UNKNOWN_ROLE_SERVICE", e4.getId());
            Assert.assertEquals(1L, e4.getArgs().length);
            Assert.assertEquals("blabla", e4.getArgs()[0]);
            LOGGER.info(e4.getMessage());
            z4 = true;
        }
        Assert.assertTrue(z4);
        casAuthenticationFilterConfig.setRoleServiceName(XMLRoleService.DEFAULT_NAME);
        casAuthenticationFilterConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header);
        boolean z5 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e5) {
            Assert.assertEquals("ROLES_HEADER_ATTRIBUTE_NEEDED", e5.getId());
            Assert.assertEquals(0L, e5.getArgs().length);
            LOGGER.info(e5.getMessage());
            z5 = true;
        }
        Assert.assertTrue(z5);
        casAuthenticationFilterConfig.setRolesHeaderAttribute("roles");
        casAuthenticationFilterConfig.setRoleConverterName("unknown");
        boolean z6 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (FilterConfigException e6) {
            Assert.assertEquals("UNKNOWN_ROLE_CONVERTER", e6.getId());
            Assert.assertEquals(1L, e6.getArgs().length);
            Assert.assertEquals("unknown", e6.getArgs()[0]);
            LOGGER.info(e6.getMessage());
            z6 = true;
        }
        Assert.assertTrue(z6);
        casAuthenticationFilterConfig.setRoleConverterName((String) null);
        casAuthenticationFilterConfig.setCasServerUrlPrefix((String) null);
        boolean z7 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (CasFilterConfigException e7) {
            Assert.assertEquals("CAS_SERVER_URL_REQUIRED", e7.getId());
            Assert.assertEquals(0L, e7.getArgs().length);
            LOGGER.info(e7.getMessage());
            z7 = true;
        }
        Assert.assertTrue(z7);
        casAuthenticationFilterConfig.setCasServerUrlPrefix("blabal");
        boolean z8 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (CasFilterConfigException e8) {
            Assert.assertEquals("CAS_SERVER_URL_MALFORMED", e8.getId());
            Assert.assertEquals(0L, e8.getArgs().length);
            LOGGER.info(e8.getMessage());
            z8 = true;
        }
        Assert.assertTrue(z8);
        casAuthenticationFilterConfig.setCasServerUrlPrefix("http://casserver/case");
        casAuthenticationFilterConfig.setUrlInCasLogoutPage("blbla");
        boolean z9 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (CasFilterConfigException e9) {
            Assert.assertEquals("CAS_URL_IN_LOGOUT_PAGE_MALFORMED", e9.getId());
            Assert.assertEquals(0L, e9.getArgs().length);
            LOGGER.info(e9.getMessage());
            z9 = true;
        }
        Assert.assertTrue(z9);
        casAuthenticationFilterConfig.setUrlInCasLogoutPage("http://localhost/gesoerver");
        casAuthenticationFilterConfig.setProxyCallbackUrlPrefix("blabal");
        boolean z10 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (CasFilterConfigException e10) {
            Assert.assertEquals("CAS_PROXYCALLBACK_MALFORMED", e10.getId());
            Assert.assertEquals(0L, e10.getArgs().length);
            LOGGER.info(e10.getMessage());
            z10 = true;
        }
        Assert.assertTrue(z10);
        casAuthenticationFilterConfig.setProxyCallbackUrlPrefix("http://localhost/callback");
        boolean z11 = false;
        try {
            this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
        } catch (CasFilterConfigException e11) {
            Assert.assertEquals("CAS_PROXYCALLBACK_NOT_HTTPS", e11.getId());
            Assert.assertEquals(0L, e11.getArgs().length);
            LOGGER.info(e11.getMessage());
            z11 = true;
        }
        Assert.assertTrue(z11);
        casAuthenticationFilterConfig.setProxyCallbackUrlPrefix("https://localhost/callback");
        this.validator.validateCASFilterConfig(casAuthenticationFilterConfig);
    }
}
