package org.geoserver.security.ldap;

import java.io.IOException;
import java.util.SortedSet;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.impl.GeoServerRole;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

/* loaded from: input_file:org/geoserver/security/ldap/LDAPRoleServiceTest.class */
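/**
 * Tests for {@link LDAPRoleService} run against an embedded LDAP server created by the ApacheDS
 * {@link FrameworkRunner} annotations on the nested classes.
 *
 * <p>Each nested class loads a different LDIF fixture and reuses the {@code check*} helpers defined
 * here. Most lookups are exercised twice: once with anonymous access enabled on the server, and
 * once with anonymous access disabled and a bind user configured, so that the authenticated code
 * path is covered as well.
 *
 * <p>The embedded server listens on plain LDAP on localhost and the bind credentials used by
 * {@link #configureAuthentication()} are fixture values; none of this is meant to be reused
 * outside the test harness.
 */
public class LDAPRoleServiceTest extends LDAPBaseTest {
    /** Role service under test; re-created by {@link #createRoleService(boolean, Boolean, String)}. */
    GeoServerRoleService service;

    /** Role lookups resolved through a user filter, using the {@code data2.ldif} fixture. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", address = "localhost")}, allowAnonymousAccess = true)
    @RunWith(FrameworkRunner.class)
    @CreateDS(name = "myDS", partitions = {@CreatePartition(name = "test", suffix = "dc=example,dc=com")})
    @ApplyLdifFiles({"data2.ldif"})
    public static class LDAPRoleServiceLdiff2Test extends LDAPRoleServiceTest {
        @Test
        public void testGetRolesForUserUsingUserFilter() throws Exception {
            checkUserRoles("admin", true);
        }

        @Test
        public void testGetRolesForUserAuthenticatedUsingUserFilter() throws Exception {
            // Anonymous access is switched off so the lookup has to go through the configured bind.
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkUserRoles("admin", true);
        }

        @Test
        public void testGetUserNamesForRoleUsingUserFilter() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkUserNamesForRole("admin", 1, true);
            checkUserNamesForRole("other", 2, true);
        }
    }

    /** Nested-group resolution with a user filter, using the {@code data4.ldif} fixture. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", address = "localhost")}, allowAnonymousAccess = true)
    @RunWith(FrameworkRunner.class)
    @CreateDS(name = "myDS", partitions = {@CreatePartition(name = "test", suffix = "dc=example,dc=com")})
    @ApplyLdifFiles({"data4.ldif"})
    public static class LDAPRoleServiceLdiff4Test extends LDAPRoleServiceTest {
        @Test
        public void checkHierarchicalRolesUsers() throws IOException {
            createRoleService(true, null, null);
            this.config.setUserNameAttribute("uid");
            this.config.setGroupNameAttribute("cn");
            this.config.setUseNestedParentGroups(true);
            this.config.setNestedGroupSearchFilter("member={1}");
            this.config.setGroupSearchFilter("member={1},dc=example,dc=com");
            this.config.setUserFilter("uid={0}");
            // Bounds how deep the nested-group search may go.
            this.config.setMaxGroupSearchLevel(5);
            // The service is rebuilt so that it picks up the nested-group settings applied above.
            this.service = new LDAPRoleService();
            this.service.initializeFromConfig(this.config);

            SortedSet<String> userNamesForRole =
                    this.service.getUserNamesForRole(this.service.getRoleByName("ROLE_EXTRA"));
            Assert.assertNotNull(userNamesForRole);
            Assert.assertEquals(2L, userNamesForRole.size());
            Assert.assertTrue(userNamesForRole.stream().anyMatch("nestedUser"::equals));
            Assert.assertEquals(6L, this.service.getRolesForUser("nestedUser").size());
        }
    }

    /** Core role lookups, anonymous and authenticated, using the {@code data.ldif} fixture. */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", address = "localhost")}, allowAnonymousAccess = true)
    @RunWith(FrameworkRunner.class)
    @CreateDS(name = "myDS", partitions = {@CreatePartition(name = "test", suffix = "dc=example,dc=com")})
    @ApplyLdifFiles({"data.ldif"})
    public static class LDAPRoleServiceLdiffTest extends LDAPRoleServiceTest {
        @Test
        public void testGetRoles() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkAllRoles();
        }

        @Test
        public void testGetRolesAuthenticated() throws Exception {
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkAllRoles();
        }

        @Test
        public void testGetRolesCount() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkRoleCount();
        }

        @Test
        public void testGetRolesCountAuthenticated() throws Exception {
            // Disable anonymous access, as the other *Authenticated tests do. With it left enabled
            // the test could pass without the configured bind ever being needed.
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkRoleCount();
        }

        @Test
        public void testGetRoleByName() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkRoleByName();
        }

        @Test
        public void testGetRoleByNameAuthenticated() throws Exception {
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkRoleByName();
        }

        @Test
        public void testGetAdminRoles() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkAdminRoles();
        }

        @Test
        public void testGetAdminRolesAuthenticated() throws Exception {
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkAdminRoles();
        }

        @Test
        public void testGetRolesForUser() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkUserRoles("admin", false);
        }

        @Test
        public void testGetRolesForUserAuthenticated() throws Exception {
            getService().setAllowAnonymousAccess(false);
            configureAuthentication();
            checkUserRoles("admin", false);
        }

        @Test
        public void testGetUserNamesForRole() throws Exception {
            getService().setAllowAnonymousAccess(true);
            checkUserNamesForRole("admin", 1, false);
            checkUserNamesForRole("other", 2, false);
        }

        @Test
        public void checkUserHierarchicalRoles() throws IOException {
            this.config.setUseNestedParentGroups(true);
            this.config.setNestedGroupSearchFilter("member=cn={0}");
            this.config.setGroupSearchFilter("member=cn={0}");
            this.config.setUserFilter("uid={0}");
            this.service = new LDAPRoleService();
            this.service.initializeFromConfig(this.config);

            SortedSet<GeoServerRole> rolesForUser = this.service.getRolesForUser("nestedUser");
            Assert.assertNotNull(rolesForUser);
            Assert.assertEquals(2L, rolesForUser.size());
            Assert.assertTrue(
                    rolesForUser.stream().anyMatch(role -> "ROLE_EXTRA".equals(role.getAuthority())));
        }
    }

    /**
     * Creates a fresh {@link LDAPRoleService} and initializes it from the shared test config.
     *
     * @param z when {@code true}, configures the user-filter based group search
     *     ({@code member={1},dc=example,dc=com} plus {@code uid={0}}); otherwise the group search
     *     filter is {@code member=cn={0}}
     * @param bool value for the config's convert-to-upper-case flag, or {@code null} to leave the
     *     config's current value untouched
     * @param str role prefix to set on the config, or {@code null} to leave it untouched
     * @throws IOException if the service cannot be initialized from the config
     */
    public void createRoleService(boolean z, Boolean bool, String str) throws IOException {
        this.service = new LDAPRoleService();
        if (z) {
            this.config.setGroupSearchFilter("member={1},dc=example,dc=com");
            this.config.setUserFilter("uid={0}");
        } else {
            this.config.setGroupSearchFilter("member=cn={0}");
        }
        if (bool != null) {
            this.config.setConvertToUpperCase(bool);
        }
        if (str != null) {
            this.config.setRolePrefix(str);
        }
        this.service.initializeFromConfig(this.config);
    }

    @Override // org.geoserver.security.ldap.LDAPBaseTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
    }

    /**
     * Configures the bind user, its password and bind-before-group-search on the test config.
     *
     * <p>The DN and password are fixture values for the embedded test directory (presumably
     * defined in the LDIF files; confirm against the fixtures) and must not be copied into a real
     * deployment.
     */
    protected void configureAuthentication() {
        this.config.setUser("uid=admin,ou=People,dc=example,dc=com");
        this.config.setPassword("admin");
        this.config.setBindBeforeGroupSearch(true);
    }

    /**
     * Checks admin and group-admin role resolution: both roles resolve when the configured groups
     * are {@code admin}/{@code other}, both are {@code null} for the {@code dummy1}/{@code dummy2}
     * groups, and the admin role honours a custom prefix without upper-casing.
     */
    protected void checkAdminRoles() throws IOException {
        this.config.setAdminGroup("admin");
        this.config.setGroupAdminGroup("other");
        createRoleService(false, null, null);
        Assert.assertNotNull(this.service.getAdminRole());
        Assert.assertNotNull(this.service.getGroupAdminRole());

        // Groups set to dummy1/dummy2 must not yield an admin or group-admin role.
        this.config.setAdminGroup("dummy1");
        this.config.setGroupAdminGroup("dummy2");
        createRoleService(false, null, null);
        Assert.assertNull(this.service.getAdminRole());
        Assert.assertNull(this.service.getGroupAdminRole());

        this.config.setAdminGroup("admin");
        this.config.setGroupAdminGroup("other");
        createRoleService(false, false, "test_");
        Assert.assertEquals("test_admin", this.service.getAdminRole().toString());
    }

    /**
     * Checks that the given role has exactly the expected number of users, both with the default
     * role naming and with a {@code test_} prefix and no upper-casing.
     *
     * @param str role name to look up
     * @param i expected number of user names for the role
     * @param z passed through to {@link #createRoleService(boolean, Boolean, String)} to select
     *     the user-filter based configuration
     */
    protected void checkUserNamesForRole(String str, int i, boolean z) throws IOException {
        createRoleService(z, null, null);
        // The result is kept in a local so that both the null check and the size check apply to
        // the same lookup (the decompiled source referred to an undeclared temporary here).
        SortedSet<String> userNames = this.service.getUserNamesForRole(new GeoServerRole(str));
        Assert.assertNotNull(userNames);
        Assert.assertEquals(i, userNames.size());

        createRoleService(z, false, "test_");
        SortedSet<String> prefixedUserNames =
                this.service.getUserNamesForRole(new GeoServerRole(str));
        Assert.assertNotNull(prefixedUserNames);
        Assert.assertEquals(i, prefixedUserNames.size());
    }

    /**
     * Checks that looking up {@code admin} by name returns a role and looking up {@code dummy}
     * returns {@code null}, for both the default and the {@code test_}-prefixed configuration.
     */
    protected void checkRoleByName() throws IOException {
        createRoleService(false, null, null);
        Assert.assertNotNull(this.service.getRoleByName("admin"));
        Assert.assertNull(this.service.getRoleByName("dummy"));

        createRoleService(false, false, "test_");
        Assert.assertNotNull(this.service.getRoleByName("admin"));
        Assert.assertNull(this.service.getRoleByName("dummy"));
    }

    /** Checks that the role count is positive for both configurations. */
    protected void checkRoleCount() throws IOException {
        createRoleService(false, null, null);
        Assert.assertTrue(this.service.getRoleCount() > 0);

        createRoleService(false, false, "test_");
        Assert.assertTrue(this.service.getRoleCount() > 0);
    }

    /**
     * Checks the full role listing: with the default configuration the first role starts with
     * {@code ROLE_} and is all upper case; with prefix {@code test_} and upper-casing disabled it
     * starts with {@code test_} and is not all upper case.
     */
    protected void checkAllRoles() throws IOException {
        createRoleService(false, null, null);
        SortedSet<GeoServerRole> roles = this.service.getRoles();
        Assert.assertNotNull(roles);
        Assert.assertTrue(roles.size() > 0);
        GeoServerRole firstRole = roles.first();
        Assert.assertTrue(firstRole.toString().startsWith("ROLE_"));
        Assert.assertEquals(firstRole.toString().toUpperCase(), firstRole.toString());

        createRoleService(false, false, "test_");
        SortedSet<GeoServerRole> prefixedRoles = this.service.getRoles();
        Assert.assertNotNull(prefixedRoles);
        Assert.assertTrue(prefixedRoles.size() > 0);
        GeoServerRole firstPrefixedRole = prefixedRoles.first();
        Assert.assertTrue(firstPrefixedRole.toString().startsWith("test_"));
        Assert.assertNotEquals(
                firstPrefixedRole.toString().toUpperCase(), firstPrefixedRole.toString());
    }

    /**
     * Checks the roles resolved for a single user: the set is non-empty, strictly smaller than
     * the full role set (the user must not be granted every role), and follows the same
     * prefix/upper-case naming rules as {@link #checkAllRoles()}.
     *
     * @param str user name whose roles are looked up
     * @param z passed through to {@link #createRoleService(boolean, Boolean, String)} to select
     *     the user-filter based configuration
     */
    protected void checkUserRoles(String str, boolean z) throws IOException {
        createRoleService(z, null, null);
        SortedSet<GeoServerRole> roles = this.service.getRoles();
        SortedSet<GeoServerRole> rolesForUser = this.service.getRolesForUser(str);
        Assert.assertNotNull(rolesForUser);
        Assert.assertTrue(rolesForUser.size() > 0);
        Assert.assertTrue(rolesForUser.size() < roles.size());
        GeoServerRole firstRole = rolesForUser.first();
        Assert.assertTrue(firstRole.toString().startsWith("ROLE_"));
        Assert.assertEquals(firstRole.toString().toUpperCase(), firstRole.toString());

        createRoleService(z, false, "test_");
        SortedSet<GeoServerRole> prefixedRoles = this.service.getRoles();
        SortedSet<GeoServerRole> prefixedRolesForUser = this.service.getRolesForUser(str);
        Assert.assertNotNull(prefixedRolesForUser);
        Assert.assertTrue(prefixedRolesForUser.size() > 0);
        Assert.assertTrue(prefixedRolesForUser.size() < prefixedRoles.size());
        GeoServerRole firstPrefixedRole = prefixedRolesForUser.first();
        Assert.assertTrue(firstPrefixedRole.toString().startsWith("test_"));
        Assert.assertNotEquals(
                firstPrefixedRole.toString().toUpperCase(), firstPrefixedRole.toString());
    }

    /** Installs a role-service specific configuration object for the base test to use. */
    @Override // org.geoserver.security.ldap.LDAPBaseTest
    protected void createConfig() {
        this.config = new LDAPRoleServiceConfig();
    }
}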
