package org.geoserver.security.auth;

import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.Cookie;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.security.config.BasicAuthenticationFilterConfig;
import org.geoserver.security.config.DigestAuthenticationFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationBaseFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationFilterConfig;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RequestHeaderAuthenticationFilterConfig;
import org.geoserver.security.config.RoleSource;
import org.geoserver.security.config.X509CertificateAuthenticationFilterConfig;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilter;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilterTest;
import org.geoserver.security.filter.GeoServerDigestAuthenticationFilter;
import org.geoserver.security.filter.GeoServerJ2eeAuthenticationFilter;
import org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter;
import org.geoserver.security.filter.GeoServerX509CertificateAuthenticationFilter;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.password.MasterPasswordProviderConfig;
import org.geoserver.test.RunTestSetup;
import org.geoserver.test.SystemTest;
import org.geotools.util.Base64;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.RequestMethod;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/auth/AuthenticationCacheFilterTest.class */
public class AuthenticationCacheFilterTest extends AbstractAuthenticationProviderTest {
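    // Names under which the individual authentication filters are registered; the same
    // names are the first-level keys of the authentication cache inspected by getAuth().
    public static final String testFilterName = "basicAuthTestFilter";
    public static final String testFilterName2 = "digestAuthTestFilter";
    public static final String testFilterName3 = "j2eeAuthTestFilter";
    public static final String testFilterName4 = "requestHeaderTestFilter";
    public static final String testFilterName5 = "basicAuthTestFilterWithRememberMe";
    public static final String testFilterName8 = "x509TestFilter";

    // Compiler-generated flag behind the Java `assert` statement, surfaced by the decompiler.
    // A blank static final field never assigned does not compile, so it is initialised the
    // way javac does it: true when assertions are disabled for this class.
    static final /* synthetic */ boolean $assertionsDisabled =
            !AuthenticationCacheFilterTest.class.desiredAssertionStatus();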

    /**
     * Registers the Basic authentication filter used by the tests of this class.
     *
     * <p>The filter is saved under the name {@code basicAuthTestFilter} with remember-me
     * support switched off.
     *
     * @param systemTestData test data handed on unchanged to the superclass set-up
     * @throws Exception if the superclass set-up or saving the filter fails
     */
    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);

        final BasicAuthenticationFilterConfig basicFilter = new BasicAuthenticationFilterConfig();
        basicFilter.setName("basicAuthTestFilter");
        basicFilter.setUseRememberMe(false);
        basicFilter.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
        getSecurityManager().saveFilter(basicFilter);
    }

    /**
     * Finds the cached authentication of a user below a given filter name.
     *
     * <p>Every cache entry stored for the filter is deserialized and its principal compared with
     * the requested user name; the principal may be a {@link UserDetails}, a {@link Principal} or
     * a plain {@code String}. For the first match the expiry times recorded by the cache are
     * asserted as well.
     *
     * @param str name of the filter, used as the first-level cache key
     * @param str2 user name to look for
     * @param num expected first expiry value, or {@code null} to expect
     *     {@code TestingAuthenticationCache.DEFAULT_IDLE_SECS}
     * @param num2 expected second expiry value, or {@code null} to expect
     *     {@code TestingAuthenticationCache.DEFAULT_LIVE_SECS}
     * @return the cached authentication, or {@code null} when the filter has no cache entries or
     *     none of them belongs to the user
     */
    Authentication getAuth(String str, String str2, Integer num, Integer num2) {
        final Map<?, ?> entriesForFilter = (Map<?, ?>) getCache().cache.get(str);
        if (entriesForFilter == null) {
            return null;
        }

        for (Map.Entry<?, ?> cached : entriesForFilter.entrySet()) {
            final Authentication candidate = getCache().deserializeAuthentication((byte[]) cached.getValue());
            final Object principal = candidate.getPrincipal();

            // The three principal shapes are tried in this order; the first one that yields the
            // requested name wins.
            final boolean sameUser =
                    (principal instanceof UserDetails && str2.equals(((UserDetails) principal).getUsername()))
                            || (principal instanceof Principal && str2.equals(((Principal) principal).getName()))
                            || (principal instanceof String && str2.equals(principal));
            if (!sameUser) {
                continue;
            }

            final String cacheKey = (String) cached.getKey();
            final Integer[] expireTimes = getCache().getExpireTimes(str, cacheKey);

            Integer expectedFirst = num;
            if (expectedFirst == null) {
                expectedFirst = TestingAuthenticationCache.DEFAULT_IDLE_SECS;
            }
            Assert.assertEquals(expectedFirst, expireTimes[0]);

            Integer expectedSecond = num2;
            if (expectedSecond == null) {
                expectedSecond = TestingAuthenticationCache.DEFAULT_LIVE_SECS;
            }
            Assert.assertEquals(expectedSecond, expireTimes[1]);

            return candidate;
        }
        return null;
    }

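    /**
     * Verifies how the Basic authentication filter fills the authentication cache.
     *
     * <p>Steps, in order: a request without credentials is challenged; valid credentials are
     * accepted and cached; an unknown user and the root user are rejected and leave no cache
     * entry; a user that has been switched off is still served from the cache until the cache is
     * cleared, after which the same credentials are rejected.
     *
     * <p>The security context is expected to be empty after every request.
     *
     * @throws Exception if the filter chain or the security manager fails
     */
    @Test
    public void testBasicAuth() throws Exception {
        prepareFilterChain(this.pattern, new String[]{"basicAuthTestFilter"});
        SecurityContextHolder.getContext().setAuthentication(null);

        // No credentials: Basic challenge, 401.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod(RequestMethod.GET.toString());
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        assertBasicChallenge(response);
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Valid credentials: request passes and the authentication lands in the cache.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", basicCredentialsHeader("user1:pw1"));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication auth = getAuth("basicAuthTestFilter", "user1", null, null);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals("user1", ((UserDetails) auth.getPrincipal()).getUsername());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

        // Unknown user: challenged again and nothing cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", basicCredentialsHeader("unknwon:pw1"));
        getProxy().doFilter(request, response, new MockFilterChain());
        assertBasicChallenge(response);
        Assert.assertEquals(401L, response.getStatus());
        // getAuth() takes (filter name, user name). The lookup previously passed the user name
        // as filter name and the password as user name, so it returned null whatever the cache
        // held. Query the filter under test for the rejected user instead.
        Assert.assertNull(getAuth("basicAuthTestFilter", "unknwon", null, null));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Root with the master password: answered with 401 here, and never cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", basicCredentialsHeader("root:" + getMasterPassword()));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(401L, response.getStatus());
        // Same argument mix-up as above: look for a root entry below the filter under test.
        Assert.assertNull(getAuth("basicAuthTestFilter", "root", null, null));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Switch user1 off (third argument false). The cached authentication keeps working
        // until the cache is emptied.
        updateUser("ug1", "user1", false);
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("Authorization", basicCredentialsHeader("user1:pw1"));
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
            auth = getAuth("basicAuthTestFilter", "user1", null, null);
            Assert.assertNotNull(auth);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            Assert.assertEquals("user1", ((UserDetails) auth.getPrincipal()).getUsername());
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

            // With the cache emptied the same credentials must be rejected.
            getCache().removeAll();
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("Authorization", basicCredentialsHeader("user1:pw1"));
            getProxy().doFilter(request, response, new MockFilterChain());
            assertBasicChallenge(response);
            Assert.assertEquals(401L, response.getStatus());
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Restore the user even when an assertion above fails, so that other tests do not
            // run against a switched-off account.
            updateUser("ug1", "user1", true);
        }
    }

    /**
     * Builds the value of a Basic {@code Authorization} header.
     *
     * @param credentials the credentials in {@code user:password} form
     * @return {@code "Basic "} followed by the Base64 encoding of the credentials
     */
    private static String basicCredentialsHeader(String credentials) {
        return "Basic " + new String(Base64.encodeBytes(credentials.getBytes()));
    }

    /**
     * Asserts that the response carries a Basic challenge for the GeoServer realm.
     *
     * <p>JUnit assertions are used so the check also runs when Java assertions are disabled.
     *
     * @param response the response produced by the filter chain
     */
    private static void assertBasicChallenge(MockHttpServletResponse response) {
        String challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Basic"));
    }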

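    /**
     * Verifies the J2EE (container-managed) authentication filter together with the cache.
     *
     * <p>Steps, in order: a request without a container principal gets 403; a principal named
     * {@code user1} with the container role {@code DerivedRole} is accepted and cached; a
     * principal named {@code root} passes but is not cached; the user is accepted again after the
     * role service name has been cleared on the filter; with the anonymous filter inserted a
     * request without principal gets 200.
     *
     * @throws Exception if the filter chain or the security manager fails
     */
    @Test
    public void testJ2eeProxy() throws Exception {
        J2eeAuthenticationFilterConfig j2eeConfig = new J2eeAuthenticationFilterConfig();
        j2eeConfig.setClassName(GeoServerJ2eeAuthenticationFilter.class.getName());
        j2eeConfig.setName("j2eeAuthTestFilter");
        j2eeConfig.setRoleSource(J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE);
        j2eeConfig.setRoleServiceName("rs1");
        getSecurityManager().saveFilter(j2eeConfig);
        prepareFilterChain(this.pattern, new String[]{"j2eeAuthTestFilter"});
        SecurityContextHolder.getContext().setAuthentication(null);

        // No container principal: forbidden. The response is kept in a local so its status can
        // be read; the decompiled code referred to an undeclared variable here.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Container principal user1 with role DerivedRole: accepted and cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.setUserPrincipal(containerPrincipal("user1"));
        request.addUserRole("DerivedRole");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication auth = getAuth("j2eeAuthTestFilter", "user1", null, null);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals("user1", auth.getPrincipal());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

        // Container principal root: the request passes, but no cache entry is created.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.setUserPrincipal(containerPrincipal("root"));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Assert.assertNull(getAuth("j2eeAuthTestFilter", "root", null, null));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Same user again after the role service name has been cleared on the filter.
        j2eeConfig.setRoleServiceName((String) null);
        getSecurityManager().saveFilter(j2eeConfig);
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.setUserPrincipal(containerPrincipal("user1"));
        request.addUserRole("DerivedRole");
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        auth = getAuth("j2eeAuthTestFilter", "user1", null, null);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals("user1", auth.getPrincipal());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

        // With the anonymous filter in the chain a request without principal is let through.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            // Take the anonymous filter out again even when the assertion fails.
            removeAnonymousFilter();
        }
    }

    /**
     * Creates a principal as a servlet container would attach it to a request.
     *
     * @param name the name the principal reports
     * @return a principal whose {@code getName()} returns {@code name}
     */
    private Principal containerPrincipal(final String name) {
        return new Principal() {
            @Override
            public String getName() {
                return name;
            }
        };
    }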

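    /**
     * Verifies the request-header (pre-authentication) filter together with the cache.
     *
     * <p>The filter reads the user name from the {@code principal} request header and, for the
     * Header role source, the roles from the {@code roles} header. Steps, in order: a request
     * without the header gets 403; for every role source a request naming {@code user1} passes;
     * for every role source a request naming {@code unknown} passes as well; with the
     * UserGroupService role source a switched-off user gets 403 and is not cached; with the
     * anonymous filter inserted a request without header gets 200.
     *
     * @throws Exception if the filter chain or the security manager fails
     */
    @Test
    public void testRequestHeaderProxy() throws Exception {
        RequestHeaderAuthenticationFilterConfig headerConfig = new RequestHeaderAuthenticationFilterConfig();
        headerConfig.setClassName(GeoServerRequestHeaderAuthenticationFilter.class.getName());
        headerConfig.setName("requestHeaderTestFilter");
        headerConfig.setRoleServiceName("rs1");
        // Set once; the decompiled code repeated this identical call a few lines further down.
        headerConfig.setPrincipalHeaderAttribute("principal");
        headerConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService);
        headerConfig.setUserGroupServiceName("ug1");
        headerConfig.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(headerConfig);
        prepareFilterChain(this.pattern, new String[]{"requestHeaderTestFilter"});
        SecurityContextHolder.getContext().setAuthentication(null);

        // No principal header: forbidden. The response is kept in a local so its status can be
        // read; the decompiled code referred to an undeclared variable here.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Known user, once per role source, each time starting from an empty cache.
        for (RoleSource roleSource : PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            boolean rolesFromHeader =
                    roleSource.equals(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header);
            getCache().removeAll();
            headerConfig.setRoleSource(roleSource);
            getSecurityManager().saveFilter(headerConfig);

            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("principal", "user1");
            if (rolesFromHeader) {
                request.addHeader("roles", "DerivedRole;RootRole");
            }
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());

            Authentication auth = getAuth("requestHeaderTestFilter", "user1", null, null);
            // No cache assertion is made for the Header role source.
            // NOTE(review): the test does not say why; confirm whether that case is cached at all.
            if (!rolesFromHeader) {
                Assert.assertNotNull(auth);
                Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
                checkForAuthenticatedRole(auth);
                Assert.assertEquals("user1", auth.getPrincipal());
                Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
                Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));
            }
        }

        // Unknown user, once per role source. The name in the header is taken as given: the
        // request passes and, except for the Header role source, an authentication is cached.
        // NOTE(review): this only holds up when nothing but a trusted front end can set the
        // header; confirm that deployment assumption against the filter documentation.
        for (RoleSource roleSource : PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            getCache().removeAll();
            headerConfig.setRoleSource(roleSource);
            getSecurityManager().saveFilter(headerConfig);

            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("principal", "unknown");
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());

            if (!roleSource.equals(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header)) {
                Authentication auth = getAuth("requestHeaderTestFilter", "unknown", null, null);
                Assert.assertNotNull(auth);
                Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
                checkForAuthenticatedRole(auth);
                Assert.assertEquals("unknown", auth.getPrincipal());
            }
        }

        // Switched-off user with the UserGroupService role source: forbidden and not cached.
        headerConfig.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService);
        getSecurityManager().saveFilter(headerConfig);
        updateUser("ug1", "user1", false);
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            request.addHeader("principal", "user1");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(403L, response.getStatus());
            Assert.assertNull(getAuth("requestHeaderTestFilter", "user1", null, null));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Restore the user even when an assertion above fails.
            updateUser("ug1", "user1", true);
        }

        // With the anonymous filter in the chain a request without header is let through.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            // Take the anonymous filter out again even when the assertion fails.
            removeAnonymousFilter();
        }
    }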

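    /**
     * Verifies the Digest authentication filter together with the authentication cache.
     *
     * <p>Steps, in order: a request without credentials is challenged; valid credentials are
     * accepted and cached with expiry values 300/300; an unknown user is rejected; root with the
     * master password passes once master-password login has been enabled, but is not cached; root
     * with a wrong password is rejected; a switched-off user is still served from the cache; after
     * the cache has been cleared a further request is rejected; with the anonymous filter
     * inserted a request without credentials gets 200.
     *
     * @throws Exception if the filter chain or the security manager fails
     */
    @Test
    public void testDigestAuth() throws Exception {
        DigestAuthenticationFilterConfig digestConfig = new DigestAuthenticationFilterConfig();
        digestConfig.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        digestConfig.setName("digestAuthTestFilter");
        digestConfig.setUserGroupServiceName("ug1");
        getSecurityManager().saveFilter(digestConfig);
        prepareFilterChain(this.pattern, new String[]{"digestAuthTestFilter"});
        SecurityContextHolder.getContext().setAuthentication(null);

        // No credentials: Digest challenge, 401. The challenge is kept because the client
        // responses below are computed from it.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(401L, response.getStatus());
        String challenge = assertDigestChallenge(response);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Valid credentials: accepted and cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", clientDigestString(challenge, "user1", "pw1", request.getMethod()));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication auth = getAuth("digestAuthTestFilter", "user1", 300, 300);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals("user1", ((UserDetails) auth.getPrincipal()).getUsername());
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

        // Unknown user: challenged again, nothing cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", clientDigestString(challenge, "unknown", "pw1", request.getMethod()));
        getProxy().doFilter(request, response, new MockFilterChain());
        challenge = assertDigestChallenge(response);
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull(getAuth("digestAuthTestFilter", "unknown", 300, 300));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Root with the master password, after login with it has been enabled: the request
        // passes, but root is not cached.
        // NOTE(review): master-password login stays enabled after this test; nothing visible
        // here restores the previous setting, which may affect tests that run later.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        MasterPasswordProviderConfig masterPasswordConfig = getSecurityManager()
                .loadMasterPassswordProviderConfig(getSecurityManager().getMasterPasswordConfig().getProviderName());
        masterPasswordConfig.setLoginEnabled(true);
        getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);
        request.addHeader("Authorization", clientDigestString(challenge, "root", getMasterPassword(), request.getMethod()));
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Assert.assertNull(getAuth("digestAuthTestFilter", "root", 300, 300));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Root with a wrong password: challenged, still not cached.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        response = new MockHttpServletResponse();
        request.addHeader("Authorization", clientDigestString(challenge, "root", "geoserver1", request.getMethod()));
        getProxy().doFilter(request, response, new MockFilterChain());
        challenge = assertDigestChallenge(response);
        Assert.assertEquals(401L, response.getStatus());
        Assert.assertNull(getAuth("digestAuthTestFilter", "root", 300, 300));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Switch user1 off (third argument false). The cached authentication keeps working
        // until the cache is emptied.
        updateUser("ug1", "user1", false);
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("Authorization", clientDigestString(challenge, "user1", "pw1", request.getMethod()));
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
            auth = getAuth("digestAuthTestFilter", "user1", 300, 300);
            Assert.assertNotNull(auth);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            Assert.assertEquals("user1", ((UserDetails) auth.getPrincipal()).getUsername());
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
            Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

            // Cache emptied: the next request is rejected and user1 has no cache entry.
            // NOTE(review): this request authenticates as "unknown", not as the switched-off
            // user1, so it does not show that user1 itself is rejected once the cache is empty
            // (the Basic test sends user1 at this point) - confirm whether that is intended.
            getCache().removeAll();
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            request.addHeader("Authorization", clientDigestString(challenge, "unknown", "pw1", request.getMethod()));
            getProxy().doFilter(request, response, new MockFilterChain());
            assertDigestChallenge(response);
            Assert.assertEquals(401L, response.getStatus());
            Assert.assertNull(getAuth("digestAuthTestFilter", "user1", 300, 300));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Restore the user even when an assertion above fails.
            updateUser("ug1", "user1", true);
        }

        // With the anonymous filter in the chain a request without credentials is let through.
        // The response is kept in a local so its status can be read; the decompiled code
        // referred to an undeclared variable here.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            // Take the anonymous filter out again even when the assertion fails.
            removeAnonymousFilter();
        }
    }

    /**
     * Asserts that the response carries a Digest challenge for the GeoServer realm.
     *
     * <p>JUnit assertions are used so the check also runs when Java assertions are disabled.
     *
     * @param response the response produced by the filter chain
     * @return the value of the {@code WWW-Authenticate} header
     */
    private static String assertDigestChallenge(MockHttpServletResponse response) {
        String challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        Assert.assertTrue(challenge.contains("GeoServer Realm"));
        Assert.assertTrue(challenge.contains("Digest"));
        return challenge;
    }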

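    /**
     * Exercises the basic authentication filter chained with the {@code rememberme} filter.
     *
     * <p>The sequence pins the following behavior:
     *
     * <ol>
     *   <li>an unauthenticated request gets a {@code WWW-Authenticate} challenge and no cookie,
     *       even though it asks for remember-me;
     *   <li>valid basic credentials yield 200, an entry returned by {@code getAuth} and exactly
     *       one response cookie;
     *   <li>that cookie alone, and the cookie together with basic credentials, both authenticate
     *       the same user;
     *   <li>{@code root} with the master password is rejected (401) until login is enabled on the
     *       master password provider, and even then gets no {@code getAuth} entry and no cookie;
     *   <li>once the user is disabled, the previously issued cookie is rejected (401) and the
     *       response carries a cookie with a {@code null} value.
     * </ol>
     *
     * <p>Every response is held in a named variable so that the status and cookie assertions
     * inspect the response that was actually passed to the filter chain.
     *
     * @throws Exception if the security configuration or the filter chain fails
     */
    @Test
    public void testBasicAuthWithRememberMe() throws Exception {
        final String filterName = "basicAuthTestFilterWithRememberMe";
        final String userName = "abc@xyz.com";
        final String rememberMeParameter = "_spring_security_remember_me";
        final String userBasicHeader =
                "Basic " + new String(Base64.encodeBytes((userName + ":abc").getBytes()));

        BasicAuthenticationFilterConfig config = new BasicAuthenticationFilterConfig();
        config.setClassName(GeoServerBasicAuthenticationFilter.class.getName());
        config.setUseRememberMe(true);
        config.setName(filterName);
        getSecurityManager().saveFilter(config);
        prepareFilterChain(this.pattern, new String[] {filterName, "rememberme"});
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No credentials: the filter must challenge and must not hand out a cookie.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addParameter(rememberMeParameter, "yes");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(0L, response.getCookies().length);
        Assert.assertNotNull(response.getHeader("WWW-Authenticate"));

        // Valid basic credentials plus the remember-me parameter: success and one cookie.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addParameter(rememberMeParameter, "yes");
        request.addHeader("Authorization", userBasicHeader);
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication auth = getAuth(filterName, userName, null, null);
        Assert.assertNotNull(auth);
        // The thread-bound security context must be empty again once the request is done.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals(1L, response.getCookies().length);
        // Presumably the remember-me token; it is replayed in the requests below.
        Cookie cookie = response.getCookies()[0];

        // Cookie only, no Authorization header.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addParameter(rememberMeParameter, "yes");
        request.setCookies(new Cookie[] {cookie});
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        auth = getAuth(filterName, userName, null, null);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals(userName, ((UserDetails) auth.getPrincipal()).getUsername());

        // Cookie and basic credentials in the same request.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addParameter(rememberMeParameter, "yes");
        request.setCookies(new Cookie[] {cookie});
        request.addHeader("Authorization", userBasicHeader);
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        auth = getAuth(filterName, userName, null, null);
        Assert.assertNotNull(auth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        Assert.assertEquals(userName, ((UserDetails) auth.getPrincipal()).getUsername());

        // root with the master password: refused while login is not enabled on the provider.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addParameter(rememberMeParameter, "yes");
        request.addHeader(
                "Authorization",
                "Basic " + new String(Base64.encodeBytes(("root:" + getMasterPassword()).getBytes())));
        response = new MockHttpServletResponse();
        MockFilterChain rootChain = new MockFilterChain();
        getProxy().doFilter(request, response, rootChain);
        Assert.assertEquals(401L, response.getStatus());

        // NOTE(review): login stays enabled on the master password provider after this test;
        // confirm that the fixture teardown resets it, otherwise later tests inherit a setting
        // that allows root login.
        MasterPasswordProviderConfig masterPasswordConfig =
                getSecurityManager()
                        .loadMasterPassswordProviderConfig(
                                getSecurityManager().getMasterPasswordConfig().getProviderName());
        masterPasswordConfig.setLoginEnabled(true);
        getSecurityManager().saveMasterPasswordProviderConfig(masterPasswordConfig);

        // Same request again: accepted now, but root gets neither a getAuth entry nor a cookie.
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, rootChain);
        Assert.assertEquals(200L, response.getStatus());
        Assert.assertNull(getAuth(filterName, "root", null, null));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        Assert.assertEquals(0L, response.getCookies().length);

        // A disabled account must not be able to log in with the cookie issued earlier.
        updateUser("ug1", userName, false);
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            request.addParameter(rememberMeParameter, "yes");
            request.setCookies(new Cookie[] {cookie});
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(401L, response.getStatus());
            // One cookie with a null value comes back, i.e. the token is not renewed.
            Assert.assertEquals(1L, response.getCookies().length);
            Assert.assertNull(response.getCookies()[0].getValue());
        } finally {
            // Re-enable the account even when an assertion above fails, so that other tests
            // using this user are not affected.
            updateUser("ug1", userName, true);
        }
    }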

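    /**
     * Exercises the X.509 certificate pre-authentication filter with every role source.
     *
     * <p>The sequence pins the following behavior:
     *
     * <ol>
     *   <li>a request without a client certificate is refused with 403;
     *   <li>a certificate for {@code user1} is accepted for every role source; for all sources
     *       except {@code Header}, {@code getAuth} returns an entry whose principal is
     *       {@code "user1"} and whose authorities include {@code RootRole} and
     *       {@code DerivedRole};
     *   <li>a certificate for the name {@code "unknown"} is accepted as well and yields the
     *       principal {@code "unknown"};
     *   <li>with the {@code UserGroupService} role source, a certificate for a disabled user is
     *       refused with 403 and leaves no {@code getAuth} entry;
     *   <li>with the anonymous filter inserted, a request without a certificate gets 200.
     * </ol>
     *
     * <p>Every response is held in a named variable so that the status assertions inspect the
     * response that was actually passed to the filter chain.
     *
     * @throws Exception if the security configuration or the filter chain fails
     */
    @Test
    public void testX509Auth() throws Exception {
        final String filterName = "x509TestFilter";

        X509CertificateAuthenticationFilterConfig config =
                new X509CertificateAuthenticationFilterConfig();
        config.setClassName(GeoServerX509CertificateAuthenticationFilter.class.getName());
        config.setName(filterName);
        config.setRoleServiceName("rs1");
        config.setRoleSource(
                PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService);
        config.setUserGroupServiceName("ug1");
        config.setRolesHeaderAttribute("roles");
        getSecurityManager().saveFilter(config);
        prepareFilterChain(this.pattern, new String[] {filterName});
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // No client certificate on the request: access is forbidden.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(403L, response.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Known user, once per role source.
        for (RoleSource roleSource :
                PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            // Start every pass from an empty cache.
            getCache().removeAll();
            config.setRoleSource(roleSource);
            getSecurityManager().saveFilter(config);
            boolean rolesFromHeader =
                    roleSource.equals(
                            PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource
                                    .Header);

            request = createRequest("/foo/bar");
            request.setMethod("GET");
            if (rolesFromHeader) {
                // With this role source the roles are read from a request header, so a
                // deployment relies on a trusted front end to set or strip that header.
                request.addHeader("roles", "DerivedRole;RootRole");
            }
            setCertifacteForUser("user1", request);
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());

            // NOTE(review): the getAuth lookup is skipped for the Header source; presumably
            // the entry is keyed differently when roles come from the header - confirm.
            if (!rolesFromHeader) {
                Authentication auth = getAuth(filterName, "user1", null, null);
                Assert.assertNotNull(auth);
                Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
                checkForAuthenticatedRole(auth);
                Assert.assertEquals("user1", auth.getPrincipal());
                Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("RootRole")));
                Assert.assertTrue(auth.getAuthorities().contains(new GeoServerRole("DerivedRole")));
            }
        }

        // Certificate for the name "unknown" (presumably absent from ug1), once per role source:
        // the certificate alone is enough to be treated as authenticated.
        for (RoleSource roleSource :
                PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.values()) {
            getCache().removeAll();
            config.setRoleSource(roleSource);
            getSecurityManager().saveFilter(config);

            request = createRequest("/foo/bar");
            request.setMethod("GET");
            setCertifacteForUser("unknown", request);
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());

            if (!roleSource.equals(
                    PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource
                            .Header)) {
                Authentication auth = getAuth(filterName, "unknown", null, null);
                Assert.assertNotNull(auth);
                Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
                checkForAuthenticatedRole(auth);
                Assert.assertEquals("unknown", auth.getPrincipal());
            }
        }

        // A disabled account must be refused even though its certificate is presented.
        updateUser("ug1", "user1", false);
        try {
            config.setRoleSource(
                    PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource
                            .UserGroupService);
            getSecurityManager().saveFilter(config);
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            setCertifacteForUser("user1", request);
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(403L, response.getStatus());
            Assert.assertNull(getAuth(filterName, "user1", 0, 0));
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            // Re-enable the account even when an assertion above fails.
            updateUser("ug1", "user1", true);
        }

        // With the anonymous filter in the chain a request without a certificate is served.
        insertAnonymousFilter();
        try {
            request = createRequest("/foo/bar");
            request.setMethod("GET");
            response = new MockHttpServletResponse();
            getProxy().doFilter(request, response, new MockFilterChain());
            Assert.assertEquals(200L, response.getStatus());
        } finally {
            // Take the anonymous filter out again so it cannot mask failures in other tests.
            removeAnonymousFilter();
        }
    }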

    /**
     * Runs a chain holding both the basic and the digest authentication filter and checks that
     * either scheme can authenticate the same user.
     *
     * <p>An unauthenticated request must be answered with 401 and a {@code WWW-Authenticate}
     * header; the header content is only checked when assertions are enabled for this class.
     * A digest response built from that challenge and a basic {@code Authorization} header must
     * then each yield 200 and a {@code getAuth} entry under the respective filter name, with
     * user name {@code user1} and the authorities {@code RootRole} and {@code DerivedRole}.
     *
     * <p>Only the digest filter is configured here; {@code basicAuthTestFilter} is presumably
     * saved by another part of the fixture.
     *
     * @throws Exception if the security configuration or the filter chain fails
     */
    @Test
    @RunTestSetup
    public void testCascadingFilters() throws Exception {
        final String digestFilter = "digestAuthTestFilter";
        final String basicFilter = "basicAuthTestFilter";

        DigestAuthenticationFilterConfig digestConfig = new DigestAuthenticationFilterConfig();
        digestConfig.setClassName(GeoServerDigestAuthenticationFilter.class.getName());
        digestConfig.setName(digestFilter);
        digestConfig.setUserGroupServiceName("ug1");
        getSecurityManager().saveFilter(digestConfig);
        prepareFilterChain(this.pattern, new String[] {basicFilter, digestFilter});
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);

        // Step 1: no credentials, so the chain has to challenge the client.
        MockHttpServletRequest request = createRequest("/foo/bar");
        request.setMethod("GET");
        MockHttpServletResponse response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(401L, response.getStatus());
        String challenge = response.getHeader("WWW-Authenticate");
        Assert.assertNotNull(challenge);
        // These two checks are active only while assertions are enabled for the class.
        if (!($assertionsDisabled || challenge.contains("GeoServer Realm"))) {
            throw new AssertionError();
        }
        if (!($assertionsDisabled || challenge.contains("Digest"))) {
            throw new AssertionError();
        }
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());

        // Step 2: answer the challenge with a digest response for user1.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        request.addHeader(
                "Authorization",
                clientDigestString(challenge, "user1", "pw1", request.getMethod()));
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication digestAuth = getAuth(digestFilter, "user1", 300, 300);
        Assert.assertNotNull(digestAuth);
        // The thread-bound security context is expected to be empty after the request.
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(digestAuth);
        Assert.assertEquals("user1", ((UserDetails) digestAuth.getPrincipal()).getUsername());
        Assert.assertTrue(digestAuth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(digestAuth.getAuthorities().contains(new GeoServerRole("DerivedRole")));

        // Step 3: the same user through the basic scheme on the same chain.
        request = createRequest("/foo/bar");
        request.setMethod("GET");
        String basicCredentials = new String(Base64.encodeBytes("user1:pw1".getBytes()));
        request.addHeader("Authorization", "Basic " + basicCredentials);
        response = new MockHttpServletResponse();
        getProxy().doFilter(request, response, new MockFilterChain());
        Assert.assertEquals(200L, response.getStatus());
        Authentication basicAuth = getAuth(basicFilter, "user1", null, null);
        Assert.assertNotNull(basicAuth);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(basicAuth);
        Assert.assertEquals("user1", ((UserDetails) basicAuth.getPrincipal()).getUsername());
        Assert.assertTrue(basicAuth.getAuthorities().contains(new GeoServerRole("RootRole")));
        Assert.assertTrue(basicAuth.getAuthorities().contains(new GeoServerRole("DerivedRole")));
    }

    // Stores the negated desired assertion status of this class. The
    // `!$assertionsDisabled && ...` guards in the test methods read this flag, so those
    // checks throw AssertionError only when assertions are enabled for the class.
    // NOTE(review): this looks like the flag the Java compiler generates for `assert`
    // statements, made explicit by a decompiler - confirm against the original source.
    static {
        $assertionsDisabled = !AuthenticationCacheFilterTest.class.desiredAssertionStatus();
    }
}
