package it.geosolutions.geostore.rest.security;

import it.geosolutions.geostore.core.model.User;
import it.geosolutions.geostore.core.model.UserAttribute;
import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.UserGroupAttribute;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.core.security.MapExpressionUserMapper;
import it.geosolutions.geostore.services.UserGroupService;
import it.geosolutions.geostore.services.dto.ShortResource;
import it.geosolutions.geostore.services.exception.BadRequestServiceEx;
import it.geosolutions.geostore.services.exception.NotFoundServiceEx;
import it.geosolutions.geostore.services.rest.security.GeoStoreRequestHeadersAuthenticationFilter;
import it.geosolutions.geostore.services.rest.security.oauth2.JWTHelper;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2Configuration;
import it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter;
import it.geosolutions.geostore.services.rest.utils.MockedUserService;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:it/geosolutions/geostore/rest/security/GeoStoreAuthenticationFilterTest.class */
public class GeoStoreAuthenticationFilterTest {
    private static final String USERNAME_HEADER = "username";
    private static final String SAMPLE_USER = "myuser";
    private MockedUserService userService;
    private GeoStoreRequestHeadersAuthenticationFilter headerFilter;
    private HttpServletRequest req;
    private HttpServletResponse resp;

    /* loaded from: input_file:it/geosolutions/geostore/rest/security/GeoStoreAuthenticationFilterTest$DummyUserGroupService.class */
    private static class DummyUserGroupService implements UserGroupService {
        private final Map<String, UserGroup> groupsByName = new HashMap();
        private final Map<Long, UserGroup> groupsById = new HashMap();
        private long nextId = 1;

        private DummyUserGroupService() {
        }

        public UserGroup get(String str) {
            return this.groupsByName.get(str);
        }

        public long getCount(String str, boolean z) throws BadRequestServiceEx {
            return 0L;
        }

        public long getCount(User user, String str, boolean z) throws BadRequestServiceEx {
            return 0L;
        }

        public void updateAttributes(long j, List<UserGroupAttribute> list) throws NotFoundServiceEx {
        }

        public long update(UserGroup userGroup) throws NotFoundServiceEx, BadRequestServiceEx {
            return 0L;
        }

        public Collection<UserGroup> findByAttribute(String str, List<String> list, boolean z) {
            return List.of();
        }

        public UserGroup get(long j) {
            return this.groupsById.get(Long.valueOf(j));
        }

        public List<ShortResource> updateSecurityRules(Long l, List<Long> list, boolean z, boolean z2) throws NotFoundServiceEx, BadRequestServiceEx {
            return List.of();
        }

        public boolean insertSpecialUsersGroups() {
            return false;
        }

        public boolean removeSpecialUsersGroups() {
            return false;
        }

        /*  JADX ERROR: Failed to decode insn: 0x0031: MOVE_MULTI, method: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.DummyUserGroupService.insert(it.geosolutions.geostore.core.model.UserGroup):long
            java.lang.ArrayIndexOutOfBoundsException: arraycopy: source index -1 out of bounds for object array[8]
            	at java.base/java.lang.System.arraycopy(Native Method)
            	at jadx.plugins.input.java.data.code.StackState.insert(StackState.java:49)
            	at jadx.plugins.input.java.data.code.CodeDecodeState.insert(CodeDecodeState.java:118)
            	at jadx.plugins.input.java.data.code.JavaInsnsRegister.dup2x1(JavaInsnsRegister.java:313)
            	at jadx.plugins.input.java.data.code.JavaInsnData.decode(JavaInsnData.java:46)
            	at jadx.core.dex.instructions.InsnDecoder.lambda$process$0(InsnDecoder.java:54)
            	at jadx.plugins.input.java.data.code.JavaCodeReader.visitInstructions(JavaCodeReader.java:81)
            	at jadx.core.dex.instructions.InsnDecoder.process(InsnDecoder.java:50)
            	at jadx.core.dex.nodes.MethodNode.load(MethodNode.java:156)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:443)
            	at jadx.core.dex.nodes.ClassNode.load(ClassNode.java:449)
            	at jadx.core.ProcessClass.process(ProcessClass.java:70)
            	at jadx.core.ProcessClass.generateCode(ProcessClass.java:113)
            	at jadx.core.dex.nodes.ClassNode.generateClassCode(ClassNode.java:400)
            	at jadx.core.dex.nodes.ClassNode.decompile(ClassNode.java:388)
            	at jadx.core.dex.nodes.ClassNode.getCode(ClassNode.java:338)
            */
        public long insert(it.geosolutions.geostore.core.model.UserGroup r9) throws it.geosolutions.geostore.services.exception.BadRequestServiceEx {
            /*
                r8 = this;
                r0 = r9
                r1 = r8
                long r1 = r1.nextId
                java.lang.Long r1 = java.lang.Long.valueOf(r1)
                r0.setId(r1)
                r0 = r8
                java.util.Map<java.lang.Long, it.geosolutions.geostore.core.model.UserGroup> r0 = r0.groupsById
                r1 = r8
                long r1 = r1.nextId
                java.lang.Long r1 = java.lang.Long.valueOf(r1)
                r2 = r9
                java.lang.Object r0 = r0.put(r1, r2)
                r0 = r8
                java.util.Map<java.lang.String, it.geosolutions.geostore.core.model.UserGroup> r0 = r0.groupsByName
                r1 = r9
                java.lang.String r1 = r1.getGroupName()
                r2 = r9
                java.lang.Object r0 = r0.put(r1, r2)
                r0 = r8
                r1 = r0
                long r1 = r1.nextId
                // decode failed: arraycopy: source index -1 out of bounds for object array[8]
                r2 = 1
                long r1 = r1 + r2
                r0.nextId = r1
                return r-1
            */
            throw new UnsupportedOperationException("Method not decompiled: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.DummyUserGroupService.insert(it.geosolutions.geostore.core.model.UserGroup):long");
        }

        public boolean delete(long j) throws NotFoundServiceEx, BadRequestServiceEx {
            return false;
        }

        public void assignUserGroup(long j, long j2) throws NotFoundServiceEx {
        }

        public void deassignUserGroup(long j, long j2) throws NotFoundServiceEx {
        }

        public List<UserGroup> getAllAllowed(User user, Integer num, Integer num2, String str, boolean z) throws BadRequestServiceEx {
            return List.of();
        }

        public List<UserGroup> getAll(Integer num, Integer num2) throws BadRequestServiceEx {
            return List.of();
        }

        public List<UserGroup> getAll(Integer num, Integer num2, String str, boolean z) throws BadRequestServiceEx {
            return List.of();
        }
    }

    @Before
    public void setUp() {
        this.userService = new MockedUserService();
        this.headerFilter = new GeoStoreRequestHeadersAuthenticationFilter();
        this.headerFilter.setUserNameHeader(USERNAME_HEADER);
        this.headerFilter.setUserService(this.userService);
        this.headerFilter.setAutoCreateUser(true);
        this.req = (HttpServletRequest) Mockito.mock(HttpServletRequest.class);
        this.resp = (HttpServletResponse) Mockito.mock(HttpServletResponse.class);
        Mockito.when(this.req.getHeader(USERNAME_HEADER)).thenReturn(SAMPLE_USER);
        Mockito.when(this.req.getHeader("header1")).thenReturn("value1");
        Mockito.when(this.req.getHeaderNames()).thenReturn(new Vector(Arrays.asList(USERNAME_HEADER, "header1")).elements());
    }

    @After
    public void tearDown() {
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
    }

    @Test
    public void testAutoCreate() throws IOException, ServletException, NotFoundServiceEx {
        this.headerFilter.doFilter(this.req, this.resp, new FilterChain() { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.1
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        User user = this.userService.get(SAMPLE_USER);
        checkUser(user);
        Assert.assertTrue("User should be enabled", user.isEnabled());
    }

    @Test
    public void testAutoCreateDisabled() throws IOException, ServletException, NotFoundServiceEx {
        this.headerFilter.setEnableAutoCreatedUsers(false);
        this.headerFilter.doFilter(this.req, this.resp, new FilterChain() { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.2
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        User user = this.userService.get(SAMPLE_USER);
        checkUser(user);
        Assert.assertFalse("User should be disabled", user.isEnabled());
    }

    @Test
    public void testAutoCreateAttributesMapping() throws IOException, ServletException, NotFoundServiceEx {
        this.headerFilter.setUserMapper(new MapExpressionUserMapper(Collections.singletonMap("attr1", "header1")));
        this.headerFilter.doFilter(this.req, this.resp, new FilterChain() { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.3
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            }
        });
        User user = this.userService.get(SAMPLE_USER);
        checkUser(user);
        Assert.assertNotNull("Attributes should not be null", user.getAttribute());
        Assert.assertEquals("Should have one attribute", 1L, user.getAttribute().size());
        UserAttribute userAttribute = (UserAttribute) user.getAttribute().get(0);
        Assert.assertEquals("Attribute name should be 'attr1'", "attr1", userAttribute.getName());
        Assert.assertEquals("Attribute value should be 'value1'", "value1", userAttribute.getValue());
    }

    @Test
    public void testUsernameRemapping() throws Exception {
        OAuth2Configuration oAuth2Configuration = new OAuth2Configuration();
        oAuth2Configuration.setPrincipalKey("principal");
        oAuth2Configuration.setUniqueUsername("unique");
        oAuth2Configuration.setBeanName("testBean");
        oAuth2Configuration.setAutoCreateUser(true);
        PreAuthenticatedAuthenticationToken createPreAuthentication = new OAuth2GeoStoreAuthenticationFilter(null, null, oAuth2Configuration, null) { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.4
            protected JWTHelper decodeAndValidateIdToken(String str) {
                return new JWTHelper(str) { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.4.1
                    public <T> T getClaim(String str2, Class<T> cls) {
                        if ("principal".equals(str2)) {
                            return GeoStoreAuthenticationFilterTest.SAMPLE_USER;
                        }
                        if ("unique".equals(str2)) {
                            return "remappedUser";
                        }
                        return null;
                    }
                };
            }

            protected User retrieveUserWithAuthorities(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                User user = new User();
                user.setName(str);
                user.setRole(Role.USER);
                user.setEnabled(true);
                user.setAttribute(Collections.emptyList());
                user.setGroups(new HashSet());
                return user;
            }

            protected void configureRestTemplate() {
            }
        }.createPreAuthentication(SAMPLE_USER, (HttpServletRequest) Mockito.mock(HttpServletRequest.class), (HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertNotNull("Authentication token should not be null", createPreAuthentication);
        User user = (User) createPreAuthentication.getPrincipal();
        Assert.assertNotNull("User should not be null", user);
        Assert.assertEquals("Username should be remapped to the unique claim value", "remappedUser", user.getName());
    }

    @Test
    public void testGroupNamesUppercaseAndUserGroupAssignment() throws Exception {
        OAuth2Configuration oAuth2Configuration = new OAuth2Configuration();
        oAuth2Configuration.setGroupsClaim("groups");
        oAuth2Configuration.setBeanName("testBean");
        oAuth2Configuration.setAutoCreateUser(true);
        oAuth2Configuration.setGroupNamesUppercase(true);
        DummyUserGroupService dummyUserGroupService = new DummyUserGroupService();
        OAuth2GeoStoreAuthenticationFilter oAuth2GeoStoreAuthenticationFilter = new OAuth2GeoStoreAuthenticationFilter(null, null, oAuth2Configuration, null) { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.5
            protected JWTHelper decodeAndValidateIdToken(String str) {
                return new JWTHelper(str) { // from class: it.geosolutions.geostore.rest.security.GeoStoreAuthenticationFilterTest.5.1
                    public <T> List<T> getClaimAsList(String str2, Class<T> cls) {
                        return "groups".equals(str2) ? Collections.singletonList("groupA") : Collections.emptyList();
                    }
                };
            }

            protected User retrieveUserWithAuthorities(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                User user = new User();
                user.setName(str);
                user.setRole(Role.USER);
                user.setEnabled(true);
                user.setAttribute(Collections.emptyList());
                user.setGroups(new HashSet());
                return user;
            }

            protected void configureRestTemplate() {
            }
        };
        oAuth2GeoStoreAuthenticationFilter.setUserGroupService(dummyUserGroupService);
        PreAuthenticatedAuthenticationToken createPreAuthentication = oAuth2GeoStoreAuthenticationFilter.createPreAuthentication("anyuser", (HttpServletRequest) Mockito.mock(HttpServletRequest.class), (HttpServletResponse) Mockito.mock(HttpServletResponse.class));
        Assert.assertNotNull("Authentication token should not be null", createPreAuthentication);
        User user = (User) createPreAuthentication.getPrincipal();
        Assert.assertNotNull("User should not be null", user);
        Assert.assertTrue("User should be assigned to group GROUPA", user.getGroups().stream().anyMatch(userGroup -> {
            return "GROUPA".equals(userGroup.getGroupName());
        }));
        Assert.assertNotNull("Dummy group service should contain group GROUPA", dummyUserGroupService.get("GROUPA"));
    }

    private void checkUser(User user) {
        Assert.assertNotNull("User should not be null", user);
        Assert.assertEquals("User role should be USER", Role.USER, user.getRole());
        Assert.assertTrue("User groups should be empty", user.getGroups().isEmpty());
    }
}
