package org.geoserver.security.auth;

import java.io.IOException;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerEnvironment;
import org.geoserver.security.GeoServerUserGroupStore;
import org.geoserver.security.config.UsernamePasswordAuthenticationProviderConfig;
import org.geoserver.security.filter.GeoServerBasicAuthenticationFilterTest;
import org.geoserver.security.validation.PasswordPolicyException;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

/* loaded from: input_file:org/geoserver/security/auth/PwdEnvParametrizationTest.class */
public class PwdEnvParametrizationTest extends AbstractAuthenticationProviderTest {
    private static final String PLAIN_TXT_PRV = "plainProvider";
    private static final String PBE_PRV = "pbeProvider";
    private static final String STRONG_PBE_PRV = "strongProvider";
    private static final String PLAIN_UG_SRV = "plainTextUgSrv";
    private static final String PBE_UG_SRV = "pbeUgSrv";
    private static final String STRONG_PBE_UG_SRV = "strongPbeUgSrv";

    @BeforeClass
    public static void setupClass() {
        System.setProperty("ALLOW_ENV_PARAMETRIZATION", "true");
        GeoServerEnvironment.reloadAllowEnvParametrization();
    }

    @AfterClass
    public static void tearDownClass() {
        System.clearProperty("ALLOW_ENV_PARAMETRIZATION");
        GeoServerEnvironment.reloadAllowEnvParametrization();
    }

    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        createUserGroupService(PLAIN_UG_SRV, getPlainTextPasswordEncoder().getName());
        createUserGroupService(PBE_UG_SRV, getPBEPasswordEncoder().getName());
        createUserGroupService(STRONG_PBE_UG_SRV, getStrongPBEPasswordEncoder().getName());
        UsernamePasswordAuthenticationProviderConfig usernamePasswordAuthenticationProviderConfig = new UsernamePasswordAuthenticationProviderConfig();
        usernamePasswordAuthenticationProviderConfig.setUserGroupServiceName(PLAIN_UG_SRV);
        usernamePasswordAuthenticationProviderConfig.setName(PLAIN_TXT_PRV);
        usernamePasswordAuthenticationProviderConfig.setClassName(UsernamePasswordAuthenticationProvider.class.getName());
        getSecurityManager().saveAuthenticationProvider(usernamePasswordAuthenticationProviderConfig);
        UsernamePasswordAuthenticationProviderConfig usernamePasswordAuthenticationProviderConfig2 = new UsernamePasswordAuthenticationProviderConfig();
        usernamePasswordAuthenticationProviderConfig2.setUserGroupServiceName(PBE_UG_SRV);
        usernamePasswordAuthenticationProviderConfig2.setName(PBE_PRV);
        usernamePasswordAuthenticationProviderConfig2.setClassName(UsernamePasswordAuthenticationProvider.class.getName());
        getSecurityManager().saveAuthenticationProvider(usernamePasswordAuthenticationProviderConfig2);
        UsernamePasswordAuthenticationProviderConfig usernamePasswordAuthenticationProviderConfig3 = new UsernamePasswordAuthenticationProviderConfig();
        usernamePasswordAuthenticationProviderConfig3.setUserGroupServiceName(STRONG_PBE_UG_SRV);
        usernamePasswordAuthenticationProviderConfig3.setName(STRONG_PBE_PRV);
        usernamePasswordAuthenticationProviderConfig3.setClassName(UsernamePasswordAuthenticationProvider.class.getName());
        getSecurityManager().saveAuthenticationProvider(usernamePasswordAuthenticationProviderConfig3);
    }

    @Test
    public void testPbeUgSrvWithPlainTxtPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd1", "plain:my_password");
        try {
            createGeoServerUser("test_env1", "${env.pwd1}", PBE_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(PBE_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env1", "my_password")));
            removePwdEnv("env.pwd1");
        } catch (Throwable th) {
            removePwdEnv("env.pwd1");
            throw th;
        }
    }

    @Test
    public void testPbeUgSrvWithDigestPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd2", "digest1:D9miJH/hVgfxZJscMafEtbtliG0ROxhLfsznyWfG38X2pda2JOSV4POi55PQI4tw");
        try {
            createGeoServerUser("test_env2", "${env.pwd2}", PBE_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(PBE_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env2", GeoServerBasicAuthenticationFilterTest.PASSWORD)));
            removePwdEnv("env.pwd2");
        } catch (Throwable th) {
            removePwdEnv("env.pwd2");
            throw th;
        }
    }

    @Test
    public void testPlainTxtUgSrvWithPlainTxtPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd3", "plain:my_password");
        try {
            createGeoServerUser("test_env3", "${env.pwd3}", PLAIN_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(PLAIN_TXT_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env3", "my_password")));
            removePwdEnv("env.pwd3");
        } catch (Throwable th) {
            removePwdEnv("env.pwd3");
            throw th;
        }
    }

    @Test
    public void testPlainTxtUgSrvWithDigestPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd4", "digest1:D9miJH/hVgfxZJscMafEtbtliG0ROxhLfsznyWfG38X2pda2JOSV4POi55PQI4tw");
        try {
            createGeoServerUser("test_env4", "${env.pwd4}", PLAIN_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(PLAIN_TXT_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env4", GeoServerBasicAuthenticationFilterTest.PASSWORD)));
            removePwdEnv("env.pwd4");
        } catch (Throwable th) {
            removePwdEnv("env.pwd4");
            throw th;
        }
    }

    @Test
    public void testStrongPBETxtUgSrvWithPlainTxtPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd5", "plain:my_password");
        try {
            createGeoServerUser("test_env5", "${env.pwd5}", STRONG_PBE_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(STRONG_PBE_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env5", "my_password")));
            removePwdEnv("env.pwd5");
        } catch (Throwable th) {
            removePwdEnv("env.pwd5");
            throw th;
        }
    }

    @Test
    public void testStrongPBEUgSrvWithDigestPwd() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd6", "digest1:D9miJH/hVgfxZJscMafEtbtliG0ROxhLfsznyWfG38X2pda2JOSV4POi55PQI4tw");
        try {
            createGeoServerUser("test_env6", "${env.pwd6}", PLAIN_UG_SRV);
            Assert.assertNotNull(getSecurityManager().loadAuthenticationProvider(PLAIN_TXT_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env6", GeoServerBasicAuthenticationFilterTest.PASSWORD)));
            removePwdEnv("env.pwd6");
        } catch (Throwable th) {
            removePwdEnv("env.pwd6");
            throw th;
        }
    }

    @Test
    public void testStrongPBEUgSrvAuthFails() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd7", "digest1:D9miJH/hVgfxZJscMafEtbtliG0ROxhLfsznyWfG38X2pda2JOSV4POi55PQI4tw");
        try {
            createGeoServerUser("test_env7", "${env.pwd7}", PLAIN_UG_SRV);
            Assert.assertNull(getSecurityManager().loadAuthenticationProvider(PLAIN_TXT_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env7", "wrong")));
            removePwdEnv("env.pwd7");
        } catch (Throwable th) {
            removePwdEnv("env.pwd7");
            throw th;
        }
    }

    @Test
    public void testPlainTxtUgSrvAuthFails() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd8", "digest1:D9miJH/hVgfxZJscMafEtbtliG0ROxhLfsznyWfG38X2pda2JOSV4POi55PQI4tw");
        try {
            createGeoServerUser("test_env8", "${env.pwd8}", PLAIN_UG_SRV);
            Assert.assertNull(getSecurityManager().loadAuthenticationProvider(PLAIN_TXT_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env8", "wrong")));
            removePwdEnv("env.pwd8");
        } catch (Throwable th) {
            removePwdEnv("env.pwd8");
            throw th;
        }
    }

    @Test
    public void testPbeUgSrvAuthFails() throws IOException, PasswordPolicyException {
        System.setProperty("env.pwd9", "plain:my_password");
        try {
            createGeoServerUser("test_env9", "${env.pwd9}", PBE_UG_SRV);
            Assert.assertNull(getSecurityManager().loadAuthenticationProvider(PBE_PRV).authenticate(new UsernamePasswordAuthenticationToken("test_env9", "wrong")));
            removePwdEnv("env.pwd9");
        } catch (Throwable th) {
            removePwdEnv("env.pwd9");
            throw th;
        }
    }

    private void createGeoServerUser(String str, String str2, String str3) throws IOException, PasswordPolicyException {
        GeoServerUserGroupStore createStore = getSecurityManager().loadUserGroupService(str3).createStore();
        createStore.addUser(createStore.createUserObject(str, str2, true));
        createStore.store();
    }

    private void removePwdEnv(String str) {
        System.clearProperty(str);
    }
}
