package org.geoserver.security.ldap;

import java.util.Collections;
import java.util.Iterator;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.MemoryRoleService;
import org.geoserver.security.impl.MemoryRoleStore;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/security/ldap/LDAPAuthenticationProviderTest.class */
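/**
 * Integration tests for {@link LDAPAuthenticationProvider} against a local test LDAP server.
 *
 * <p>Every test first calls {@code LDAPTestUtils.initLdapServer(...)} inside
 * {@code Assume.assumeTrue}, so a test is skipped (not failed) when the server cannot be
 * initialised. The fields {@code config}, {@code authentication}, {@code authenticationOther},
 * {@code securityProvider} and {@code securityManager} are not declared here; presumably they
 * come from {@link LDAPBaseTest} (confirm there).
 *
 * <p>NOTE(review): the tests cover user filters with {@code {0}}/{@code {1}} placeholders, but
 * no test in this class uses a user name containing LDAP filter metacharacters, so escaping of
 * substituted values is not exercised here.
 */
public class LDAPAuthenticationProviderTest extends LDAPBaseTest {
    // Loopback endpoint of the test server. Plain ldap:// is used only for this local fixture.
    private static final String TEST_LDAP_URL = "ldap://127.0.0.1:10389";

    // Base DN passed to the test server for every test in this class.
    private static final String TEST_BASE_DN = "dc=example,dc=com";

    private LDAPAuthenticationProvider authProvider;

    /** Installs a fresh {@link LDAPSecurityServiceConfig} as the configuration under test. */
    @Override
    protected void createConfig() {
        this.config = new LDAPSecurityServiceConfig();
    }

    /**
     * With bind-before-group-search enabled, authentication succeeds and yields the expected
     * principal name and number of authorities.
     */
    @Test
    public void testBindBeforeGroupSearch() throws Exception {
        // First argument is false here and true in most other tests; presumably it toggles
        // anonymous access on the test server (confirm against LDAPTestUtils).
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(false, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserDnPattern("uid={0},ou=People");
        this.config.setBindBeforeGroupSearch(true);
        createAuthenticationProvider();

        Authentication result = this.authProvider.authenticate(this.authentication);

        Assert.assertNotNull(result);
        Assert.assertEquals("admin", result.getName());
        Assert.assertEquals(3, result.getAuthorities().size());
    }

    /**
     * With bind-before-group-search disabled and the server initialised with {@code false},
     * authentication must not complete normally.
     */
    @Test
    public void testBindBeforeGroupSearchRequiredIfAnonymousDisabled() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(false, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserDnPattern("uid={0},ou=People");
        this.config.setBindBeforeGroupSearch(false);
        createAuthenticationProvider();

        boolean rejected = false;
        try {
            this.authProvider.authenticate(this.authentication);
        } catch (Exception e) {
            // NOTE(review): any exception type satisfies this test, so an unrelated failure
            // (for example a connection error) would also pass. Asserting the concrete
            // exception type would make the negative case meaningful.
            rejected = true;
        }
        Assert.assertTrue("authentication was expected to throw", rejected);
    }

    /** A user filter combined with a user format still resolves the expected authorities. */
    @Test
    public void testUserFilterAndFormat() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserFilter("(telephonenumber=1)");
        this.config.setUserFormat("uid={0},ou=People,dc=example,dc=com");
        createAuthenticationProvider();

        Authentication result = this.authProvider.authenticate(this.authentication);

        Assert.assertEquals(3, result.getAuthorities().size());
    }

    /**
     * User filters using the {@code {1}} and {@code {0}} placeholders both resolve the expected
     * authorities. What each placeholder is replaced with is not visible in this file.
     */
    @Test
    public void testUserFilterPlacemarks() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN));

        this.config.setUserFilter("(givenName={1})");
        this.config.setUserFormat("uid={0},ou=People,dc=example,dc=com");
        createAuthenticationProvider();
        Authentication withSecondPlaceholder = this.authProvider.authenticate(this.authentication);
        Assert.assertEquals(3, withSecondPlaceholder.getAuthorities().size());

        // The provider is rebuilt because it is created from the configuration.
        this.config.setUserFilter("(cn={0})");
        this.config.setUserFormat("uid={0},ou=People,dc=example,dc=com");
        createAuthenticationProvider();
        Authentication withFirstPlaceholder = this.authProvider.authenticate(this.authentication);
        Assert.assertEquals(3, withFirstPlaceholder.getAuthorities().size());
    }

    /** Configuring "other" as the admin group grants ROLE_ADMINISTRATOR to the other user. */
    @Test
    public void testAdminGroup() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserDnPattern("uid={0},ou=People");
        this.config.setAdminGroup("other");
        createAuthenticationProvider();

        Authentication result = this.authProvider.authenticate(this.authenticationOther);

        Assert.assertTrue(hasAuthority(result, "ROLE_ADMINISTRATOR"));
    }

    /** Configuring "other" as the group-admin group grants ROLE_GROUP_ADMIN to the other user. */
    @Test
    public void testGroupAdminGroup() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserDnPattern("uid={0},ou=People");
        this.config.setGroupAdminGroup("other");
        createAuthenticationProvider();

        Authentication result = this.authProvider.authenticate(this.authenticationOther);

        Assert.assertTrue(hasAuthority(result, "ROLE_GROUP_ADMIN"));
    }

    /**
     * A role associated with the user in the active role service appears among the
     * authorities returned by LDAP authentication.
     */
    @Test
    public void testRoleService() throws Exception {
        Assume.assumeTrue(LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN));
        this.config.setUserDnPattern("uid={0},ou=People");
        createAuthenticationProvider();
        this.authProvider.setSecurityManager(this.securityManager);
        this.securityManager.setProviders(Collections.singletonList(this.authProvider));

        // In-memory role store holding one extra role assigned to user "other".
        MemoryRoleStore roleStore = new MemoryRoleStore();
        roleStore.initializeFromService(new MemoryRoleService());
        roleStore.setSecurityManager(this.securityManager);
        GeoServerRole myRole = roleStore.createRoleObject("MyRole");
        roleStore.addRole(myRole);
        roleStore.associateRoleToUser(myRole, "other");
        this.securityManager.setActiveRoleService(roleStore);

        // The result is kept in a local so that both assertions inspect the same
        // authentication; the listing referred to an undeclared variable here.
        Authentication result = this.authProvider.authenticate(this.authenticationOther);

        Assert.assertTrue(result.getAuthorities().contains(myRole));
        Assert.assertEquals(3, result.getAuthorities().size());
    }

    /**
     * A password containing a colon authenticates successfully against the {@code data3.ldif}
     * data set. Presumably guards against credential handling that splits on ':' (confirm).
     */
    @Test
    public void testColonPassword() throws Exception {
        Assume.assumeTrue(
                LDAPTestUtils.initLdapServer(true, TEST_LDAP_URL, TEST_BASE_DN, "data3.ldif"));
        this.config.setUserDnPattern("uid={0},ou=People");
        createAuthenticationProvider();
        this.authentication = new UsernamePasswordAuthenticationToken("colon", "da:da");

        Authentication result = this.authProvider.authenticate(this.authentication);

        Assert.assertEquals(2, result.getAuthorities().size());
    }

    /** Builds the provider under test from the current configuration. */
    private void createAuthenticationProvider() {
        this.authProvider = this.securityProvider.createAuthenticationProvider(this.config);
    }

    /** Returns true when the authentication carries the named authority, ignoring case. */
    private static boolean hasAuthority(Authentication auth, String authorityName) {
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (granted.getAuthority().equalsIgnoreCase(authorityName)) {
                return true;
            }
        }
        return false;
    }
}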
