package org.geoserver.web;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.geoserver.security.impl.ServiceAccessRule;
import org.geotools.data.Base64;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;

/* loaded from: input_file:org/geoserver/web/GeoServerWicketOnlineTest.class */
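/**
 * Online tests that drive the GeoServer web UI and REST API over HTTP.
 *
 * <p>Every test is skipped unless {@code isOnline()} holds. The two {@code testCannotAdd*} tests
 * replay the Wicket form submission that creates a service access rule, presenting only a session
 * id and no {@code Referer} header, and fail if the rule list grows.
 *
 * <p>NOTE(review): presumably this is the regression check for the server's cross-site request
 * forgery protection on state-changing admin requests; confirm against the filter it targets.
 */
public class GeoServerWicketOnlineTest extends GeoServerWicketOnlineTestSupport {

    // Administrator account the tests log in with. These are well-known default values, so the
    // target must be a disposable test instance, never a deployment that is reachable by others.
    private static final String ADMIN_USER = "admin";
    private static final String ADMIN_PASSWORD = "geoserver";

    /** Bookmarkable Wicket path of the "new service access rule" page, relative to {@code web/}. */
    private static final String NEW_RULE_PAGE =
            "wicket/bookmarkable/org.geoserver.security.web.service.NewServiceAccessRulePage";

    // NOTE(review): hard-coded origin for the optional Referer header; it is not derived from the
    // base URL the support class uses, so confirm it matches before enabling withReferer.
    private static final String REFERER_BASE = "http://localhost:9090/geoserver/web/";

    private static final String FORM_CONTENT_TYPE = "application/x-www-form-urlencoded";

    private static final String ACL_SERVICES_PATH = "rest/security/acl/services";

    /** Logs in, requests the web UI home page with the session, and logs out again. */
    @Test
    public void testLogin() throws IOException {
        Assume.assumeTrue(isOnline());
        String sessionId = login(ADMIN_USER, ADMIN_PASSWORD);
        try {
            get("web/", sessionId);
        } finally {
            // Do not leave an administrator session open when the page request fails.
            logout(sessionId);
        }
    }

    /**
     * Repeatedly opens the new-rule page and submits the form against a fixed page id, asserting
     * after each attempt that no rule was created.
     */
    @Test
    public void testCannotAddAccessRuleIterative() throws IOException {
        Assume.assumeTrue(isOnline());
        List<ServiceAccessRule> baseline = getServiceAccessRules();
        String sessionId = login(ADMIN_USER, ADMIN_PASSWORD);
        try {
            // The session has to stay valid for all attempts: logging out inside the loop would
            // make every attempt after the first run against a dead session, so the check would
            // pass without the server ever evaluating the forged submission.
            for (int attempt = 0; attempt < 20; attempt++) {
                getNewServiceAccessRulePageWicket(sessionId);
                // NOTE(review): the page id is the constant 13, not the id returned above;
                // presumably a guessed id that becomes valid as pages accumulate - confirm.
                addServiceAccessRuleWicket(sessionId, 13, false);
                assertServiceAccessRuleNotAdded(
                        baseline, "Added access rule using only an exising session id");
            }
        } finally {
            logout(sessionId);
        }
    }

    /**
     * Opens the new-rule page, then submits the form against the page id the server handed out,
     * asserting that no rule was created.
     */
    @Test
    public void testCannotAddAccessRuleProgramatic() throws IOException {
        Assume.assumeTrue(isOnline());
        List<ServiceAccessRule> baseline = getServiceAccessRules();
        String sessionId = login(ADMIN_USER, ADMIN_PASSWORD);
        try {
            addServiceAccessRuleWicket(
                    sessionId, getNewServiceAccessRulePageWicket(sessionId), false);
            assertServiceAccessRuleNotAdded(
                    baseline,
                    "Added access rule using only an exising session id and response from page requests");
        } finally {
            logout(sessionId);
        }
    }

    /**
     * Requests the new-rule page and returns the page id the server assigned to it.
     *
     * @param sessionId session id passed through to the support class's {@code get}
     * @return the query string of the connection's URL parsed as an integer
     * @throws IOException if the request fails
     * @throws NumberFormatException if the final URL carries no numeric query string
     */
    private int getNewServiceAccessRulePageWicket(String sessionId) throws IOException {
        HttpURLConnection connection = get("web/" + NEW_RULE_PAGE, sessionId, null);
        try {
            // The body is read and discarded; only the URL is of interest afterwards.
            IOUtils.toString(connection.getInputStream(), "UTF-8");
            return Integer.parseInt(connection.getURL().getQuery());
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Replays the three requests of the new-rule form: select the service, tick "any role", and
     * submit the form.
     *
     * @param sessionId session id passed through to the support class's {@code preparePost}
     * @param pageId Wicket page id the listener URLs are built from
     * @param withReferer whether to send a {@code Referer} header pointing at the page itself
     * @throws IOException if any of the requests fails at the transport level
     */
    private void addServiceAccessRuleWicket(String sessionId, int pageId, boolean withReferer)
            throws IOException {
        String pageUrl = "web/" + NEW_RULE_PAGE + "?" + pageId;
        String ajaxBaseUrl = NEW_RULE_PAGE + "?" + pageId;
        String referer = withReferer ? REFERER_BASE + NEW_RULE_PAGE + "?" + pageId : null;

        // Step 1: Ajax update of the service drop-down.
        String serviceBody = "service=4";
        HttpURLConnection selectService =
                preparePost(
                        pageUrl + "-1.IBehaviorListener.0-form-service",
                        serviceBody.length(),
                        FORM_CONTENT_TYPE,
                        sessionId);
        selectService.setRequestProperty("Wicket-Ajax", "true");
        selectService.setRequestProperty("Wicket-Ajax-BaseURL", ajaxBaseUrl);
        selectService.setRequestProperty("Wicket-FocusedElementId", "service");
        applyReferer(selectService, referer);
        drainAndDisconnect(doPost(selectService, serviceBody));

        // Step 2: Ajax update of the "any role" checkbox.
        String rolesBody = "roles:anyRole=on";
        HttpURLConnection selectRoles =
                preparePost(
                        pageUrl + "-1.IBehaviorListener.0-form-roles-anyRole",
                        rolesBody.length(),
                        FORM_CONTENT_TYPE,
                        sessionId);
        selectRoles.setRequestProperty("Wicket-Ajax", "true");
        applyReferer(selectRoles, referer);
        selectRoles.setRequestProperty("Wicket-Ajax-BaseURL", ajaxBaseUrl);
        selectRoles.setRequestProperty("Wicket-FocusedElementId", "id3c");
        drainAndDisconnect(doPost(selectRoles, rolesBody));

        // Step 3: the actual form submit; redirects are not followed so the status code seen
        // here is the server's direct answer to the submission.
        String saveBody = "save=x&service=4&p::method=12&roles:anyRole=on";
        HttpURLConnection submitForm =
                preparePost(
                        pageUrl + "-1.IFormSubmitListener-form",
                        saveBody.length(),
                        FORM_CONTENT_TYPE,
                        sessionId);
        submitForm.setInstanceFollowRedirects(false);
        applyReferer(submitForm, referer);
        drainAndDisconnect(doPost(submitForm, saveBody));
    }

    /** Sets the {@code Referer} header when a value is supplied; does nothing for {@code null}. */
    private static void applyReferer(HttpURLConnection connection, String referer) {
        if (referer != null) {
            connection.setRequestProperty("Referer", referer);
        }
    }

    /**
     * Reads and discards the body of a non-error response, then releases the connection even if
     * reading fails.
     */
    private static void drainAndDisconnect(HttpURLConnection connection) throws IOException {
        try {
            if (connection.getResponseCode() < 400) {
                IOUtils.toString(connection.getInputStream(), "UTF-8");
            }
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Fails the test when the server now holds more service access rules than the baseline,
     * after removing the rules that were not part of the baseline.
     *
     * @param baseline rules present before the attempt
     * @param failureMessage message passed to {@link Assert#fail(String)}
     * @throws IOException if listing or deleting rules fails
     */
    private void assertServiceAccessRuleNotAdded(
            List<ServiceAccessRule> baseline, String failureMessage) throws IOException {
        List<ServiceAccessRule> current = getServiceAccessRules();
        if (current.size() > baseline.size()) {
            // Clean up by key rather than by list position: the list is built from a JSON
            // object's key set, so the newly added rule is not guaranteed to come last, and
            // deleting the wrong entry would remove a legitimate access rule from the server.
            Set<String> baselineKeys = new HashSet<>();
            for (ServiceAccessRule rule : baseline) {
                baselineKeys.add(rule.getKey());
            }
            for (ServiceAccessRule rule : current) {
                if (!baselineKeys.contains(rule.getKey())) {
                    deleteServiceAccessRule(rule.getKey());
                }
            }
            Assert.fail(failureMessage);
        }
    }

    /**
     * Fetches the service access rules through the REST API using HTTP Basic authentication.
     *
     * @return one rule per key of the returned JSON object; each key is split on {@code .} into
     *     the first two constructor arguments and the value on {@code ,} into the third
     * @throws IOException if the request fails
     */
    protected List<ServiceAccessRule> getServiceAccessRules() throws IOException {
        HttpURLConnection request = prepareGet(ACL_SERVICES_PATH, null, "application/json");
        request.setRequestProperty("Authorization", adminBasicAuthHeader());
        HttpURLConnection response = doGet(request);
        String json;
        try {
            json = IOUtils.toString(response.getInputStream(), "UTF-8");
        } finally {
            response.disconnect();
        }
        JSONObject rulesByKey = JSONObject.fromObject(json);
        List<ServiceAccessRule> rules = new ArrayList<>();
        for (Object rawKey : rulesByKey.keySet()) {
            String[] keyParts = ((String) rawKey).split("\\.");
            String[] roles = ((String) rulesByKey.get(rawKey)).split(",");
            rules.add(new ServiceAccessRule(keyParts[0], keyParts[1], roles));
        }
        return rules;
    }

    /**
     * Deletes one service access rule through the REST API using HTTP Basic authentication.
     *
     * @param key rule key appended to the REST path
     * @return {@code true} when the server answered with status 200
     * @throws IOException if the request fails
     */
    protected boolean deleteServiceAccessRule(String key) throws IOException {
        HttpURLConnection request = prepareDelete(ACL_SERVICES_PATH + "/" + key, null);
        request.setRequestProperty("Authorization", adminBasicAuthHeader());
        // The support class's doGet is used to send the prepared DELETE request as well.
        HttpURLConnection response = doGet(request);
        try {
            return response.getResponseCode() == 200;
        } finally {
            response.disconnect();
        }
    }

    /** Builds the {@code Authorization} header value for the administrator account. */
    private static String adminBasicAuthHeader() {
        String credentials = ADMIN_USER + ":" + ADMIN_PASSWORD;
        // Encode with an explicit charset so the header does not depend on the platform default.
        return "Basic "
                + new String(Base64.encodeBytes(credentials.getBytes(StandardCharsets.UTF_8)));
    }
}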
