package org.geoserver.security.ldap;

import java.io.File;
import java.nio.file.Files;
import java.util.Iterator;
import junit.framework.TestCase;
import org.geoserver.config.GeoServerDataDirectory;
import org.geoserver.platform.GeoServerResourceLoader;
import org.geoserver.security.GeoServerSecurityManager;
import org.springframework.ldap.test.LdapTestUtils;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/geoserver/security/ldap/LDAPAuthenticationProviderTest.class */
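/**
 * Tests {@link LDAPAuthenticationProvider} against an LDAP directory reachable on the loopback
 * interface.
 *
 * <p>Every test body is guarded by {@code LDAPTestUtils.initLdapServer(...)}: when that call
 * returns {@code false} the test makes no assertions and is reported as passing. A green run
 * therefore does not by itself prove the LDAP authentication paths were exercised.
 *
 * <p>The endpoint, the {@code admin}/{@code other} logins and the directory-server teardown
 * credentials are test fixtures for a plaintext ({@code ldap://}, TLS off) loopback server.
 */
public class LDAPAuthenticationProviderTest extends TestCase {
    // Plaintext LDAP on loopback; setUp() also switches TLS off for this fixture.
    private static final String LDAP_SERVER_URL = "ldap://127.0.0.1:10389";
    private static final String BASE_PATH = "dc=example,dc=com";

    private LDAPSecurityProvider securityProvider;
    private GeoServerSecurityManager securityManager;
    private LDAPSecurityServiceConfig config;
    private LDAPAuthenticationProvider authProvider;
    private Authentication authentication;
    private Authentication authenticationOther;
    private File tempFolder;

    /**
     * Creates a private data directory, a security manager on top of it and a baseline LDAP
     * configuration that the individual tests extend.
     *
     * @throws Exception if the temporary directory or the security manager cannot be created
     */
    @Override
    public void setUp() throws Exception {
        // Create the directory in one atomic step. The previous createTempFile / delete / mkdirs
        // sequence left a window in which another local user could create the path first, and
        // the unchecked mkdirs() result meant the test would then run inside that directory.
        this.tempFolder = Files.createTempDirectory("ldap").toFile();
        this.securityManager =
                new GeoServerSecurityManager(
                        new GeoServerDataDirectory(new GeoServerResourceLoader(this.tempFolder)));
        this.securityProvider = new LDAPSecurityProvider(this.securityManager);
        this.config = new LDAPSecurityServiceConfig();
        this.config.setServerURL(LDAP_SERVER_URL + "/" + BASE_PATH);
        this.config.setGroupSearchBase("ou=Groups");
        this.config.setGroupSearchFilter("member=cn={1}");
        this.config.setUseTLS(false);
        this.authentication = new UsernamePasswordAuthenticationToken("admin", "admin");
        this.authenticationOther = new UsernamePasswordAuthenticationToken("other", "other");
    }

    /**
     * Removes the temporary data directory and shuts the directory server down.
     *
     * @throws Exception if the directory server cannot be destroyed
     */
    @Override
    public void tearDown() throws Exception {
        try {
            // File.delete() alone fails silently on a non-empty directory and would leave
            // security configuration written during the test behind in the temp area.
            deleteRecursively(this.tempFolder);
        } finally {
            // Always stop the server so a cleanup problem cannot leak it into the next test.
            LdapTestUtils.destroyApacheDirectoryServer("uid=admin,ou=system", "secret");
        }
    }

    /**
     * With bind-before-group-search enabled, the {@code admin} login authenticates and receives
     * two authorities.
     */
    public void testBindBeforeGroupSearch() throws Exception {
        // NOTE(review): the first argument is presumably "allow anonymous binds" (inferred from
        // the sibling test's name) - confirm against LDAPTestUtils.
        if (LDAPTestUtils.initLdapServer(false, LDAP_SERVER_URL, BASE_PATH)) {
            this.config.setUserDnPattern("uid={0},ou=People");
            this.config.setBindBeforeGroupSearch(true);
            createAuthenticationProvider();
            Authentication result = this.authProvider.authenticate(this.authentication);
            assertNotNull(result);
            assertEquals("admin", result.getName());
            assertEquals(2, result.getAuthorities().size());
        }
    }

    /**
     * With bind-before-group-search disabled, authenticating the {@code admin} login must fail
     * with an exception.
     */
    public void testBindBeforeGroupSearchRequiredIfAnonymousDisabled() throws Exception {
        if (LDAPTestUtils.initLdapServer(false, LDAP_SERVER_URL, BASE_PATH)) {
            this.config.setUserDnPattern("uid={0},ou=People");
            this.config.setBindBeforeGroupSearch(false);
            createAuthenticationProvider();
            boolean rejected = false;
            try {
                this.authProvider.authenticate(this.authentication);
            } catch (Exception expected) {
                // NOTE(review): any exception counts as a rejection here, so an unrelated
                // failure (for example a connection error) also satisfies this test. Narrow the
                // catch once the exception type thrown by the provider is confirmed.
                rejected = true;
            }
            assertTrue("authentication should fail without bind-before-group-search", rejected);
        }
    }

    /**
     * With a user filter and user format configured, the {@code admin} login receives two
     * authorities.
     */
    public void testUserFilterAndFormat() throws Exception {
        if (LDAPTestUtils.initLdapServer(true, LDAP_SERVER_URL, BASE_PATH)) {
            this.config.setUserFilter("(telephonenumber=1)");
            this.config.setUserFormat("uid={0},ou=People," + BASE_PATH);
            createAuthenticationProvider();
            Authentication result = this.authProvider.authenticate(this.authentication);
            assertEquals(2, result.getAuthorities().size());
        }
    }

    /**
     * With the admin group set to {@code other}, the {@code other} login is granted
     * {@code ROLE_ADMINISTRATOR}.
     */
    public void testAdminGroup() throws Exception {
        if (LDAPTestUtils.initLdapServer(true, LDAP_SERVER_URL, BASE_PATH)) {
            this.config.setUserDnPattern("uid={0},ou=People");
            this.config.setAdminGroup("other");
            createAuthenticationProvider();
            Authentication result = this.authProvider.authenticate(this.authenticationOther);
            assertTrue(
                    "expected ROLE_ADMINISTRATOR to be granted",
                    hasAuthority(result, "ROLE_ADMINISTRATOR"));
        }
    }

    /**
     * With the group-admin group set to {@code other}, the {@code other} login is granted
     * {@code ROLE_GROUP_ADMIN}.
     */
    public void testGroupAdminGroup() throws Exception {
        if (LDAPTestUtils.initLdapServer(true, LDAP_SERVER_URL, BASE_PATH)) {
            this.config.setUserDnPattern("uid={0},ou=People");
            this.config.setGroupAdminGroup("other");
            createAuthenticationProvider();
            Authentication result = this.authProvider.authenticate(this.authenticationOther);
            assertTrue(
                    "expected ROLE_GROUP_ADMIN to be granted",
                    hasAuthority(result, "ROLE_GROUP_ADMIN"));
        }
    }

    /** Builds the provider under test from the current configuration. */
    private void createAuthenticationProvider() {
        this.authProvider = this.securityProvider.createAuthenticationProvider(this.config);
    }

    /** Returns whether {@code auth} carries an authority named {@code role}, ignoring case. */
    private static boolean hasAuthority(Authentication auth, String role) {
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (granted.getAuthority().equalsIgnoreCase(role)) {
                return true;
            }
        }
        return false;
    }

    /** Deletes {@code file} and, for a real directory, everything beneath it (best effort). */
    private static void deleteRecursively(File file) {
        if (file == null) {
            return;
        }
        // Do not descend through symbolic links: only the link itself is removed, so cleanup
        // can never delete content outside the temporary directory.
        if (file.isDirectory() && !Files.isSymbolicLink(file.toPath())) {
            File[] children = file.listFiles();
            if (children != null) {
                for (File child : children) {
                    deleteRecursively(child);
                }
            }
        }
        file.delete();
    }
}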
