package org.geoserver.security;

import java.io.IOException;
import java.util.Collections;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.impl.GroupAdminProperty;
import org.geoserver.security.xml.XMLRoleService;
import org.geoserver.security.xml.XMLRoleServiceConfig;
import org.geoserver.security.xml.XMLUserGroupService;
import org.geoserver.security.xml.XMLUserGroupServiceConfig;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/geoserver/security/GroupAdminServiceTest.class */
/**
 * Checks what a group administrator can see and change through the services handed out by the
 * security manager.
 *
 * <p>The fixture has two users ("bob" and "alice"), two groups ("users" and "admins") and two
 * roles ("adminRole" and "groupAdminRole"). Bob is the group administrator: his
 * {@link GroupAdminProperty} names only the "users" group. Every test that calls
 * {@link #setAuth()} therefore asserts an authorization boundary: what is outside "users" must be
 * hidden from bob or refused to him.
 */
public class GroupAdminServiceTest extends AbstractSecurityServiceTest {
    // Store of the "gaugs" user/group service, re-created before each test by init().
    protected GeoServerUserGroupStore ugStore;
    // Store of the "gars" role service, re-created before each test by init().
    protected GeoServerRoleStore roleStore;
    // The group administrator (administers "users" only).
    GeoServerUser bob;
    // A user with no group-admin property.
    GeoServerUser alice;
    // The group bob administers.
    GeoServerUserGroup users;
    // A group bob does not administer.
    GeoServerUserGroup admins;

    /**
     * Builds the fixture: creates the "gaugs" user/group service and the "gars" role service,
     * makes the latter the active role service, then persists the users, groups and roles.
     *
     * @param systemTestData test data passed through to the superclass set-up
     * @throws Exception if any service or store operation fails
     */
    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);

        GeoServerUserGroupService userGroupService = createUserGroupService("gaugs");
        GeoServerRoleService roleService = createRoleService("gars");
        getSecurityManager().setActiveRoleService(roleService);

        // Users and groups. Bob's group-admin property is limited to "users".
        GeoServerUserGroupStore userGroupStore = createStore(userGroupService);
        GeoServerUser groupAdmin = userGroupStore.createUserObject("bob", "foobar", true);
        GroupAdminProperty.set(groupAdmin.getProperties(), new String[] {"users"});
        userGroupStore.addUser(groupAdmin);
        GeoServerUser plainUser = userGroupStore.createUserObject("alice", "foobar", true);
        userGroupStore.addUser(plainUser);
        GeoServerUserGroup usersGroup = userGroupStore.createGroupObject("users", true);
        userGroupStore.addGroup(usersGroup);
        GeoServerUserGroup adminsGroup = userGroupStore.createGroupObject("admins", true);
        userGroupStore.addGroup(adminsGroup);
        userGroupStore.store();

        // Roles. Only bob is associated with the group-admin role.
        GeoServerRoleStore roles = createStore(roleService);
        GeoServerRole adminRole = roles.createRoleObject("adminRole");
        roles.addRole(adminRole);
        GeoServerRole groupAdminRole = roles.createRoleObject("groupAdminRole");
        roles.addRole(groupAdminRole);
        roles.associateRoleToUser(groupAdminRole, groupAdmin.getUsername());
        roles.store();
    }

    /**
     * Re-creates both stores and looks up the fixture users and groups before each test.
     *
     * <p>No authentication has been set by this class at this point, since {@link #clearAuth()}
     * resets it after every test.
     *
     * @throws Exception if a service cannot be loaded
     */
    @Before
    public void init() throws Exception {
        GeoServerSecurityManager manager = getSecurityManager();
        this.ugStore = manager.loadUserGroupService("gaugs").createStore();
        this.roleStore = manager.loadRoleService("gars").createStore();

        this.bob = this.ugStore.getUserByUsername("bob");
        this.alice = this.ugStore.getUserByUsername("alice");

        this.users = this.ugStore.getGroupByGroupname("users");
        this.admins = this.ugStore.getGroupByGroupname("admins");
    }

    /**
     * Removes the user "bill" if an earlier test left it in the store, so that
     * {@link #testCreateNewUser()} starts from a known state. When "bill" is absent the store is
     * only reloaded.
     *
     * @throws Exception if the store cannot be read or written
     */
    @Before
    public void removeBill() throws Exception {
        GeoServerUserGroupStore store =
                getSecurityManager().loadUserGroupService("gaugs").createStore();
        GeoServerUser bill = store.getUserByUsername("bill");
        if (bill != null) {
            store.removeUser(bill);
            store.store();
        } else {
            store.load();
        }
    }

    /**
     * Drops the authentication installed by {@link #setAuth()} so the group-admin identity does
     * not carry over into the next test.
     */
    @After
    public void clearAuth() {
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    /**
     * Saves and loads an XML role service whose admin role is "adminRole" and whose group-admin
     * role is "groupAdminRole".
     *
     * @param str name under which the role service is saved
     * @return the role service as loaded back from the security manager
     * @throws Exception if the service cannot be saved or loaded
     */
    public GeoServerRoleService createRoleService(String str) throws Exception {
        XMLRoleServiceConfig config = new XMLRoleServiceConfig();
        config.setName(str);
        config.setClassName(XMLRoleService.class.getName());
        config.setFileName("roles.xml");
        config.setCheckInterval(1000L);
        config.setAdminRoleName("adminRole");
        config.setGroupAdminRoleName("groupAdminRole");

        GeoServerSecurityManager manager = getSecurityManager();
        manager.saveRoleService(config);
        return getSecurityManager().loadRoleService(config.getName());
    }

    /**
     * Saves and loads an XML user/group service that uses the digest password encoder and the
     * "default" password policy.
     *
     * @param str name under which the user/group service is saved
     * @return the user/group service as loaded back from the security manager
     * @throws Exception if the service cannot be saved or loaded
     */
    public GeoServerUserGroupService createUserGroupService(String str) throws Exception {
        XMLUserGroupServiceConfig config = new XMLUserGroupServiceConfig();
        config.setName(str);
        config.setClassName(XMLUserGroupService.class.getName());
        config.setFileName("users.xml");
        config.setCheckInterval(1000L);
        config.setPasswordEncoderName(getDigestPasswordEncoder().getName());
        config.setPasswordPolicyName("default");

        GeoServerSecurityManager manager = getSecurityManager();
        manager.saveUserGroupService(config);
        return getSecurityManager().loadUserGroupService(str);
    }

    /**
     * Makes bob the current principal with {@link GeoServerRole#GROUP_ADMIN_ROLE} as his only
     * granted authority.
     *
     * <p>The authority is the constant, not the "groupAdminRole" object created in the role store;
     * the tests below show that this token is what makes the security manager hand out the
     * restricted wrappers.
     */
    void setAuth() {
        Authentication groupAdminAuth =
                new UsernamePasswordAuthenticationToken(
                        this.bob,
                        this.bob.getPassword(),
                        Collections.singletonList(GeoServerRole.GROUP_ADMIN_ROLE));
        SecurityContextHolder.getContext().setAuthentication(groupAdminAuth);
    }

    /**
     * The active role service is a {@link GroupAdminRoleService} only while a group administrator
     * is authenticated.
     */
    @Test
    public void testWrapRoleService() throws Exception {
        GeoServerRoleService withoutAuth = getSecurityManager().getActiveRoleService();
        Assert.assertFalse(withoutAuth instanceof GroupAdminRoleService);

        setAuth();

        GeoServerRoleService asGroupAdmin = getSecurityManager().getActiveRoleService();
        Assert.assertTrue(asGroupAdmin instanceof GroupAdminRoleService);
    }

    /**
     * A loaded user/group service is a {@link GroupAdminUserGroupService} only while a group
     * administrator is authenticated.
     */
    @Test
    public void testWrapUserGroupService() throws Exception {
        GeoServerUserGroupService withoutAuth =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        Assert.assertFalse(withoutAuth instanceof GroupAdminUserGroupService);

        setAuth();

        GeoServerUserGroupService asGroupAdmin =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        Assert.assertTrue(asGroupAdmin instanceof GroupAdminUserGroupService);
    }

    /**
     * The admin role is listed and resolvable without authentication, and is hidden on all three
     * lookup paths (role list, {@code getAdminRole()}, lookup by name) for a group administrator.
     */
    @Test
    public void testHideAdminRole() throws Exception {
        GeoServerRoleService unrestricted = getSecurityManager().getActiveRoleService();
        GeoServerRole adminRole = unrestricted.createRoleObject("adminRole");
        Assert.assertTrue(unrestricted.getRoles().contains(adminRole));
        Assert.assertNotNull(unrestricted.getAdminRole());
        Assert.assertNotNull(unrestricted.getRoleByName("adminRole"));

        setAuth();

        GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
        Assert.assertFalse(restricted.getRoles().contains(adminRole));
        Assert.assertNull(restricted.getAdminRole());
        Assert.assertNull(restricted.getRoleByName("adminRole"));
    }

    /**
     * A group administrator sees the group he administers ("users") and not the other one
     * ("admins"), both in the group list and in lookup by name.
     *
     * <p>The test is skipped when the {@code macos-github-build} system property is set, so this
     * visibility check is not exercised on such builds.
     */
    @Test
    public void testHideGroups() throws Exception {
        Assume.assumeTrue(System.getProperty("macos-github-build") == null);

        GeoServerUserGroupService unrestricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        Assert.assertTrue(unrestricted.getUserGroups().contains(this.users));
        Assert.assertNotNull(unrestricted.getGroupByGroupname("users"));
        Assert.assertTrue(unrestricted.getUserGroups().contains(this.admins));
        Assert.assertNotNull(unrestricted.getGroupByGroupname("admins"));

        setAuth();

        GeoServerUserGroupService restricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        Assert.assertTrue(restricted.getUserGroups().contains(this.users));
        Assert.assertNotNull(restricted.getGroupByGroupname("users"));
        Assert.assertFalse(restricted.getUserGroups().contains(this.admins));
        Assert.assertNull(restricted.getGroupByGroupname("admins"));
    }

    /**
     * For a group administrator the role service reports that no store can be created and returns
     * {@code null} from {@code createStore()}, so there is no store through which roles could be
     * edited.
     */
    @Test
    public void testRoleServiceReadOnly() throws Exception {
        setAuth();

        GeoServerRoleService restricted = getSecurityManager().getActiveRoleService();
        Assert.assertFalse(restricted.canCreateStore());
        Assert.assertNull(restricted.createStore());
    }

    /**
     * A group administrator may create a new user ("bill"). The authentication stays set when
     * this method returns; other tests call it as a set-up step and rely on that.
     */
    @Test
    public void testCreateNewUser() throws Exception {
        setAuth();

        GeoServerUserGroupService restricted =
                getSecurityManager().loadUserGroupService(this.ugStore.getName());
        GeoServerUserGroupStore store = restricted.createStore();
        GeoServerUser bill = store.createUserObject("bill", "foobar", true);
        store.addUser(bill);
        store.store();

        Assert.assertNotNull(restricted.getUserByUsername("bill"));
    }

    /**
     * A group administrator can put a user into the group he administers, and an attempt to put
     * the same user into "admins" leaves the membership unchanged.
     *
     * <p>The assertions accept the second call being ignored silently: no exception is expected,
     * only that "admins" does not appear among the user's groups afterwards.
     */
    @Test
    public void testAssignUserToGroup() throws Exception {
        // Creates "bill" and leaves bob authenticated as group administrator.
        testCreateNewUser();

        GeoServerUserGroupStore store =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        GeoServerUser bill = store.getUserByUsername("bill");

        // Allowed: "users" is in bob's group-admin property.
        store.associateUserToGroup(bill, this.users);
        store.store();
        Assert.assertEquals(1L, store.getGroupsForUser(bill).size());
        Assert.assertTrue(store.getGroupsForUser(bill).contains(this.users));

        // Not allowed: "admins" is outside bob's scope, so membership must stay as it was.
        store.associateUserToGroup(bill, this.admins);
        store.store();
        Assert.assertEquals(1L, store.getGroupsForUser(bill).size());
        Assert.assertTrue(store.getGroupsForUser(bill).contains(this.users));
        Assert.assertFalse(store.getGroupsForUser(bill).contains(this.admins));
    }

    /** A group administrator can remove a user who belongs to the group he administers. */
    @Test
    public void testRemoveUserInGroup() throws Exception {
        // Leaves "bill" as a member of "users", with bob still authenticated.
        testAssignUserToGroup();

        GeoServerUserGroupStore store =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        GeoServerUser bill = store.getUserByUsername("bill");
        store.removeUser(bill);
        store.store();

        Assert.assertNull(store.getUserByUsername("bill"));
    }

    /**
     * A group administrator is refused, with an {@link IOException}, when removing a user whose
     * only group is one he does not administer.
     *
     * <p>"sally" is created and stored before the authentication is set and is not removed again
     * by this method. The test is skipped when the {@code macos-github-build} system property is
     * set, so this refusal is not exercised on such builds.
     */
    @Test
    public void testRemoveUserNotInGroup() throws Exception {
        Assume.assumeTrue(System.getProperty("macos-github-build") == null);

        // Set up "sally" in "admins" through the unrestricted store.
        GeoServerUserGroupStore unrestrictedStore =
                getSecurityManager().loadUserGroupService(this.ugStore.getName()).createStore();
        GeoServerUser sally = unrestrictedStore.createUserObject("sally", "foobar", true);
        unrestrictedStore.addUser(sally);
        unrestrictedStore.associateUserToGroup(sally, this.admins);
        unrestrictedStore.store();

        setAuth();

        GeoServerUserGroupStore restrictedStore =
                getSecurityManager()
                        .loadUserGroupService(unrestrictedStore.getName())
                        .createStore();
        try {
            restrictedStore.removeUser(sally);
            // Reaching this line means the removal was not refused.
            Assert.fail();
        } catch (IOException e) {
            // Expected refusal; reload the store (presumably to drop pending state - confirm).
            restrictedStore.load();
        }
    }
}
